Recently, Microsoft notified via Message Center that there are two upcoming changes to Teams Direct Routing. These might affect your telephony service based on Teams Direct Routing. As I received the notification I published a tweet which you might have read if you follow me on Twitter.
In case you have telephony with Microsoft Teams Direct Routing deployed, you should ensure that your configuration is alright. Otherwise this can cause your telephony to be affected. Basically, you have to make sure
two four (updated 21.12.2021) things:
- … that your SBC handles replaces correctly because Microsoft’s Phone System will reject SIP messages containing SIP Replaces
- … that your SBC uses valid and supported certificates for the sip trunk towards Microsoft Phone System
- … that your SBC is configured for TLS 1.2 on the Teams SIP Trunk (updated 21.12.2021)
- … that you change your incoming call classification coming from Teams Phone System to your SBC (updated 21.12.2021)
The first notification says “Direct Routing will stop processing SIP requests which have ‘Replaces’ headers” (MC29922) and the second mentions “Trusted certificate authorities for Direct Routing SIP interface are changing” (MC299923). What does this mean?
Trusted certificate authorities for Direct Routing SIP interface are changing (MC299923)
To keep it short and simple, if you do not have supported public certificates your Teams Direct Routing telephony will be offline and you will not be able to make or receive (PSTN) calls at all by February 1, 2022.
That’s why it is very important that you make sure your certificates for Teams Direct Routing on your certified SBC are signed by a (public trustworthy) certificate authority (CA) which is member of the Microsoft Trusted Root Certificate Program. You need to check if the public certificate of your SBC for the Teams Direct Routing leg/s is signed by one of those CAs. So take care and check out the latest list of supported certificates here (recent list), https://aka.ms/RootCert or via the links, below, in the additional resources section.
Direct Routing will stop processing SIP requests which have ‘Replaces’ headers (MC29922)
This change will taking effect earlier, January 3, 2022. In case you plan for longer vacations over Christmas holidays, New Year’s Eve and being out of office beyond January 3, 2022, you might check this before. However, this change is probably not going to tear down your telephony service completely but certain SIP requests containing SIP replaces will fail due to the fact that Microsoft’s Phone System is going to reject it by January 3, 2022. Usually this might impact (only) a few call scenarios, if it affects any at all, depending on your SBC configuration, e.g. call forwarding, attendant call transfer and call pickup. Check out RFC3891 for more details on SIP Replaces.
If you are not familiar with SBCs configuration or what’s configured regarding SIP Replaces you might contact your IT service provider or check out the latest documentation for your certified SBC/s to help you with this.
Note on SIP Replaces on Audiocodes Mediant VE 7.x SBC
The following information is provided as an example and if you apply the change it is on your own risk. Other certified SBCs must be checked as well and might required a minor re-configuration as well.
Audiocodes, for example, has already updated their Mediant SBC deployment guide for Teams Direct Routing (here, 22.11.2021) to align with the new requirement for Microsoft Phone System, as I noticed. It says you have to make a minor change the IP Profile for Microsoft Teams and change the “Remote Replaces Mode” parameter from “Standard” to “Handle Locally” if it was not configured like that.
Please save the configuration before and after the change plus carry out (some) function tests (e.g. make/receive PSTN calls, hold/transfer PSTN calls …) in order to verify your telephony with Teams Direct Routing is up and running after you have implemented this change.
UPDATED 21.12.2021: TLS1.2 enforcement for Direct Routing SIP interface
MC297438 says that TLS 1.0 and TLS1.1 will not be supported anymore. That’s why you must ensure that your SBC is configured to use TLS1.2. You should also verify if the cipher suites which are named in the notification are supported on your SBC. This is planned to take effect on February 1, 2022.
UPDATED 21.12.2021: sip-all FQDNs will not be supported starting March 1st, 2022
Also for Direct Routing deployments, as stated in MC307310, incoming calls from Teams to the SBC will no longer contain sip-all.pstnhub.microsoft.com and sip-all.pstnhub.gov.teams.microsoft.us for classification to accept these calls on the SBC and route it accordingly. Instead you have to re-configure your SBC to use IP-addresses, if you configured above FQDNs and did not done yet change it to 18.104.22.168/14 and 22.214.171.124/14. This is planned to take effect on March 1, 2022.
- Erik Kleefeldt auf Twitter: “🚨 #MicrosoftTeams #calling #telephony updates which might require that you get active 🚨 Check out the latest message center notifications 👇👇👇 https://t.co/wCGmMn5RKX” / Twitter
- MC299922 – Direct Routing will stop processing SIP requests which have ‘Replaces’ headers
- MC299923 – Trusted certificate authorities for Direct Routing SIP interface are changing
- Program Requirements – Microsoft Trusted Root Program | Microsoft Docs
- Configure Direct Routing – Microsoft Teams | Microsoft Docs
- Mediant SBC with Microsoft Teams Direct Routing Enterprise Model (audiocodes.com)
- IETF – RFC3891 – The Session Initiation Protocol (SIP) “Replaces” Header
- MC297438 – (Updated) TLS1.2 enforcement for Direct Routing SIP interface
- MC307310 – sip-all FQDNs will not be supported starting March 1st, 2022