A phone System with Direct Routing is now available for Microsoft Teams and it’s generating buzz in the market. IT leaders are beginning to ask, “What does this mean for my business?”. The objective of this guide is to provide answers and insights to help you determine if Microsoft direct routing is the right solution for your digital workplace.
What is Microsoft Phone System for Teams?
It’s important to first establish the baseline for this discussion. Microsoft Teams provides the hub for teamwork within Microsoft 365. A key component of Microsoft Teams is the ability to make/receive phone calls via Microsoft Phone System. Microsoft Phone System requires calling plans in order to make/receive calls. There are two options for calling plans with Microsoft Phone System in Teams:
- Microsoft Calling Plans
- Direct Routing
When you pair Microsoft Calling Plans and/or Direct Routing with Microsoft Phone System, the result is a full enterprise calling experience within Microsoft 365 on a global scale.

What does the Microsoft Teams Direct Routing announcement mean for your organization?
Short answer: It depends on several factors.
Long answer: Every organization is unique, and the Direct Routing announcement for Microsoft Teams will impact each organization in different ways.
We analyzed our customer conversations over the last 90 days and here are common characteristics for organizations currently demonstrating an above-average interest in Teams / Phone System / Direct Routing.

What is a Direct Routing for Microsoft Teams?
Direct Routing enables customers to bring their own telecom services into the Microsoft Cloud for Microsoft Phone System. Prior to Direct routing, the only option for telecom services with Microsoft Teams was Microsoft calling plans. Direct Routing is important because it provides a solution for organizations to leverage preferred telecom rates and take advantage of the many benefits of Microsoft Phone System with Teams.
What components are required for Microsoft Teams Direct Routing?
For an organization to enable Direct Routing, the following components are required:
- Microsoft 365 enterprise subscription (E1, E3 or E5)
- Microsoft Phone System Add-On (with E1, E3)
- Session Border Controllers (SBCs) from approved Microsoft SBC vendor list
- SIP trunks from your telecom/voice provider
The key piece of the Direct Routing infrastructure is the SBCs. Depending on your on-staff expertise and/or preference on inhouse vs. outsourced IT, the SBCs can be deployed.
What are the deployment options for Microsoft Teams Direct Routing?
There are two approved approaches to Microsoft Teams Direct Routing: Partner-Hosted & Customer-Deployed.
Partner-Hosted Approach
For organizations that have, or want to start, embracing cloud-based services, the partner-hosted scenario is the correct approach. SBCs are hosted within communications cloud – ensuring management, uptime and quality of experience.

Customer-Deployed Approach
For organizations that have the in-house expertise and/or prefer to manage voice infrastructure internally, a customer deployed scenario is the best approach. SBCs are deployed within the customer environment (data centers) and the management/quality of experience is the responsibility of the internal IT team.

When does it make sense to use Microsoft Teams Direct Routing vs. Microsoft Calling Plans?
- In countries where Microsoft Calling plans are not available.
- When customers want to keep their existing telco contract.
- For interoperability with third-party systems (e.g. existing PBXs during the migration).
- To connect analog devices into Microsoft Teams (e.g. fax, paging systems, elevator phones).
- More flexible billing options.
- When broader coverage than Microsoft Calling Plans is needed.

Is Direct Routing available with Microsoft Teams only?
Direct Routing is only available with Microsoft Teams. For organizations using Skype for Business online, the Direct Routing equivalent is Cloud Connector Edition (CCE). CCE can be deployed in the customer data center or in a partner-hosted model, enabling customers to bring their own telecom/voice services to Skype for Business Online.
Can organizations deploy both Microsoft Calling Plans & Direct Routing?
Yes. It is possible (and supported) to configure users for both Microsoft Calling Plans and Direct Routing. This approach provides the flexibility to control the path a call takes based on the destination phone number dialed. An advantage of this approach is the SBC can be located locally in-country, so calls will be delivered as local calls.
So what does this mean for your organization?
We’ve covered a lot of ground in this ebook and now it’s time to figure out what it means for your organization. Of course, this largely depends on your specific situation:
- How many phone systems are you currently managing and how old are they?
- Have you deployed Microsoft 365?
- Do you outsource your IT needs or do you have a DIY approach?
- Do you have global offices? Do you need local support?
- When is your telecom/SIP contracts up for renewal?
- Do you have an office move planned in the next 12 months?
- Do you have complex voice requirements? (e.g. analog devices, contact center, fax)
With an in-depth discussion about the factors affecting your organization, it’s possible to provide a comprehensive recommendation for your digital needs.
Configure Microsoft 365 Tenant for Microsoft Teams Direct Routing
The required steps are documented in detail here.
Connect to Skype for Business Online via PowerShell
After connection has been established successfully the list of commands to manage the SBC can be found by executing the command *onlinePSTNGateway in the PowerShell session.
Pair the SBC with the tenant
The PowerShell cmdlet “New-CsOnlinePSTNGateway” associates the SBC with the tenant.
Validate the pairing
Use “Get-CsOnlinePSTNGateway” to see if the SBC is present in the list of paired SBC’s. Enable SIP options in OfficeMaster VoIP Parameters (set interval to 60 seconds) and check logs written by syslog service if options are sent and confirmed successfully. In that case incoming options requests should be seen also.
Enable users for Direct Routing Service
The necessary steps are:
- Create user in Microsoft 365 and assign the license.
- Ensure that the user is homed in Skype for Business Online.
- Configure phone number and enable enterprise voice and voicemail.
- Configure voice routing.
Enable Calling for Microsoft Teams
If the Calls tab does not appear in Microsoft Teams, ensure that “Allow private calling” is set to “On” in Microsoft Teams Settings and Services on the tenant.
OfficeMaster Gate SBC Configuration
All hardware and virtual versions of OfficeMaster Gate, which are compatible with firmware 5 and higher, can be used. Firmware versions starting with 5.0 and higher are supported (including media bypass!). In addition, SIP-Line licenses are needed. OfficeMaster Gate Configuration tool 6.26.1474 or newer is required for configuration.
Network and firewall configuration
- The first interface should get a local IP address from the internal network. In addition, the DNS and the default gateway should point to internal resources.
- To connect with Microsoft Teams SBC the second interface (“Adapter #2…”) needs to be configured with a public IP address.

- Now static routes need to point to the public IP addresses for external SIP and media traffic.
- Before these routes can be configured, the firewall must be enabled for both internal and external interfaces. This is done by selecting “Edit – Firewall/Routing.. – New—“. Both interfaces must be added by selecting their IP addresses.

- Usually internal services do not need to be blocked:

- External services require more restrictions – just allow incoming SIP (TLS) connections.
- All other traffic is blocked by this setting.
- To allow SIP and media communications, all known destinations must be defined separately to be routed through the external interface. Therefore, all other (not allowed) traffic would not go through the external interface.

- These IP addresses for SIP and the subnet for media traffic can be found in the Microsoft Direct Routing.
Install Baltimore trusted root certificate
The Microsoft Teams Session Border Controllers use certificates from Baltimore for TLS communications. The root certificate of Baltimore must be added to the trusted root certificates on the SBC. Download the certificate from the Microsoft website.
A developer can add logic that checks for a specific Common Name or thumbprint or only allows a specific Root CA such as “Baltimore CyberTrust Root”. If your application uses these callback functions, you should make sure that it accepts both the old and new Root and Intermediate CAs.
Install SBC certificate
To install the certificate for the SBC public FQDN you need both the certificate and the private key in base64/PEM syntax. On Windows, this data can be converted from the certificate viewer if needed. The certificate can be installed via the OfficeMaster Gate configuration tool. To import the private key, the pem-file must be copied to “/data” as “key.pem”.
Global configuration settings
Most settings in “Edit/VoIP Parameters” can be left at their default values. Options should be set to 60 seconds. Both the SBC FQDN and IP Address must be configured using the newest version of OfficeMaster Gate configuration.

Configure routing rules
A sample configuration is provided in “teams-sample.ofg“(please have a look on OfficeMaster Gate Firmware 5.0 landing page). This file can be opened using the OfficeMaster Gate Config tool. At least four trunk objects must be added.
- Trunk to SIP provider or local IPBX
- 3 trunks to Microsoft Teams (sip, sip2 and sip3)

- Calls from SIP trunk or PBX should be routed in failover mode to these destinations in the order shown in the example configuration.
For information about whether Direct Routing is the right solution for your organization, see the Phone System Direct Routing. For information about prerequisites and planning your deployment, see the Plan Direct Routing.