The objective of this guide is to provide answers and insights to help you determine if Microsoft Direct Routing is the right solution for your digital workplace.
What is Microsoft Phone System for Teams?
It’s important to first establish the baseline for this discussion. Microsoft Teams provides the hub for teamwork within Microsoft 365. A key component of Microsoft Teams is the ability to make and receive phone calls via the Microsoft Phone System. The Microsoft Phone System requires calling plans in order to make and receive calls. There are two options for calling plans with the Microsoft Phone System in Teams:
- Microsoft Calling Plans
- Direct Routing
When you pair Microsoft Calling Plans and/or Direct Routing with the Microsoft Phone System, the result is a full enterprise calling experience within Microsoft 365 on a global scale.
What does the Microsoft Teams Direct Routing announcement mean for your organization?
It depends on several factors. Every organization is unique, and the Direct Routing announcement for Microsoft Teams will impact each organization in different ways.
We analyzed our customer conversations over the last 90 days and here are common characteristics for organizations currently demonstrating an above-average interest in Teams, Phone Systems, and Direct Routing.
What is a direct routing for Microsoft Teams?
Direct Routing enables customers to bring their own telecom services into the Microsoft Cloud for the Microsoft Phone System. Prior to direct routing, the only option for telecom services with Microsoft Teams was Microsoft calling plans. Direct routing is important because it provides a solution for organizations to leverage preferred telecom rates and take advantage of the many benefits of Microsoft Phone System with Teams.
What components are required for Microsoft Teams Direct Routing?
For an organization to enable direct routing, the following components are required:
- Microsoft 365 enterprise subscription (E1, E3 or E5)
- Microsoft Phone System Add-On (with E1, E3)
- Session Border Controllers (SBCs) from an approved Microsoft SBC vendor list
- SIP trunks from your telecom/voice provider
The key piece of the direct routing infrastructure is the SBCs. Depending on your on-staff expertise and/or preference for in-house vs. outsourced IT, the SBCs can be deployed.
What are the deployment options for Microsoft Teams Direct Routing?
There are two approved approaches to Microsoft Teams Direct Routing: partner hosted & customer deployed.
Partner Hosted Approach
For organizations that have, or want to start, embracing cloud-based services, the partner-hosted scenario is the correct approach. SBCs are hosted within the communications cloud: ensuring management, uptime and quality of experience.
Customer Deployed Approach
For organizations that have in-house expertise and/or prefer to manage voice infrastructure internally, a customer deployed scenario is the best approach. SBCs are deployed within the customer environment (data centers) and the management and quality of the experience are the responsibility of the internal IT team.
When does it make sense to use Microsoft Teams Direct Routing vs. Microsoft Calling Plans?
- In countries where Microsoft calling plans are not available.
- When customers want to keep their existing telco contract.
- For interoperability with third-party systems (e.g., existing PBXs during the migration).
- To connect analog devices into Microsoft Teams (e.g., faxes, paging systems, elevator phones).
- More flexible billing options.
- When broader coverage than Microsoft Calling Plans is needed.
Is direct routing available with Microsoft Teams only?
Direct routing is only available with Microsoft Teams. For organizations using Skype for Business online, the Direct Routing equivalent is Cloud Connector Edition (CCE). CCE can be deployed in the customer data center or in a partner-hosted model, enabling customers to bring their own telecom and voice services to Skype for Business Online.
Can organizations deploy both Microsoft Calling Plans and Direct Routing?
Yes. It is possible (and supported) to configure users for both Microsoft Calling Plans and Direct Routing. This approach provides the flexibility to control the path a call takes based on the destination phone number dialed. An advantage of this approach is that the SBC can be located locally in the country, so calls will be delivered as local calls.
So what does this mean for your organization?
We have covered a lot of ground in this ebook and now it’s time to figure out what it means for your organization. Of course, this largely depends on your specific situation:
- How many phone systems are you currently managing and how old are they?
- Have you deployed Microsoft 365?
- Do you outsource your IT needs or do you have a DIY approach?
- Do you have global offices? Do you need local support?
- When is your telecom/SIP contracts up for renewal?
- Do you have an office move planned in the next 12 months?
- Do you have complex voice requirements? (e.g., analog devices, contact center, faxes)
With an in-depth discussion about the factors affecting your organization, it’s possible to provide a comprehensive recommendation for your digital needs.
Configure Microsoft 365 tenant for Microsoft Teams Direct Routing
The required steps are documented in detail here.
Connect to Skype for Business Online via PowerShell
After the connection has been established successfully, the list of commands to manage the SBC can be found by executing the command *onlinePSTNGateway in the PowerShell session.
Pair the SBC with the tenant
The PowerShell cmdlet “New-CsOnlinePSTNGateway” associates the SBC with the tenant.
Validate the pairing
Use “Get-CsOnlinePSTNGateway” to see if the SBC is present in the list of paired SBCs. Enable SIP options in OfficeMaster VoIP Parameters (set interval to 60 seconds) and check logs written by the syslog service to see if options were sent and confirmed successfully. In that case, incoming option requests should also be seen.
Enable users for direct routing service
The necessary steps are:
- Create a user in Microsoft 365 and assign the license.
- Ensure that the user is logged in to Skype for Business Online.
- Configure a phone number and enable enterprise voice and voicemail.
- Configure voice routing.
Enable calling for Microsoft Teams
If the Calls tab does not appear in Microsoft Teams, ensure that “Allow private calling” is set to “On” in Microsoft Teams Settings and Services on the tenant.
OfficeMaster Gate SBC Configuration
All hardware and virtual versions of OfficeMaster Gate, which are compatible with firmware 5 and higher, can be used. Firmware versions starting with 5.0 and higher are supported (including media bypass!). In addition, SIP-line licenses are needed. OfficeMaster Gate Configuration Tool 6.26.1474 or newer is required for configuration.
Network and firewall configuration
- The first interface should get a local IP address from the internal network. In addition, the DNS and the default gateway should point to internal resources.
- To connect with Microsoft Teams SBC, the second interface (“Adapter #2…”) needs to be configured with a public IP address.
- Now static routes need to point to the public IP addresses for external SIP and media traffic.
- Before these routes can be configured, the firewall must be enabled for both internal and external interfaces. This is done by selecting “Edit – Firewall/Routing.. – New—“. Both interfaces must be added by selecting their IP addresses.
- Usually, internal services do not need to be blocked.
- External services require more restrictions: just allow incoming SIP (TLS) connections.
- All other traffic is blocked by this setting.
- To allow SIP and media communications, all known destinations must be defined separately to be routed through the external interface. Therefore, all other (not allowed) traffic would not go through the external interface.
- These IP addresses for SIP and the subnet for media traffic can be found in Microsoft Direct Routing.
Install Baltimore trusted root certificate
The Microsoft Teams session border controllers use certificates from Baltimore for TLS communications. The root certificate of Baltimore must be added to the trusted root certificates on the SBC. Download the certificate from the Microsoft website.
A developer can add logic that checks for a specific common name or thumbprint or only allows a specific root CA, such as “Baltimore CyberTrust Root”. If your application uses these callback functions, you should make sure that it accepts both the old and new root and intermediate CAs.
Install SBC certificate
To install the certificate for the SBC public FQDN, you need both the certificate and the private key in base64 or PEM syntax. On Windows, this data can be converted from the certificate viewer if needed. The certificate can be installed via the OfficeMaster Gate configuration tool. To import the private key, the pem-file must be copied to “/data” as “key.pem”.
Global configuration settings
Most settings in “Edit/VoIP Parameters” can be left at their default values. Options should be set to 60 seconds. Both the SBC FQDN and IP address must be configured using the newest version of OfficeMaster Gate configuration.
Configure routing rules
A sample configuration is provided in “teams-sample.ofg“(please have a look at the OfficeMaster Gate Firmware 5.0 landing page). This file can be opened using the OfficeMaster Gate Config tool. At least four trunk objects must be added.
- Trunk to a SIP provider or local IPBX
- 3 trunks to Microsoft Teams (sip, sip2 and sip3)
- Calls from a SIP trunk or PBX should be routed in failover mode to these destinations in the order shown in the example configuration.
For information about whether direct routing is the right solution for your organization, see Phone System Direct Routing. For information about prerequisites and planning your deployment, see Plan Direct Routing.