Recently a Microsoft 365 admin center notification Office TLS Certificate Changes MC343794 caught my attention. First of all, I thought this does not have any noteworthy impact but that is wrong. By June 30, 2022 you must make sure that your apps and systems trust the Root CA DigiCert Global Root G2. Commonly this is not a big deal because your operating systems and browsers usually get this root certificate via update mechanisms. Except you have, let’s say, special configurations. Or you have custom apps and services which only trust what’s required. The latter is and was at least the Baltimore CyberTrust Root CA certificate. Reading this made me think, wait a minute, this is what’s deployed on all session border controllers (SBCs) for Teams Direct Routing since the service was available, as far as I remember.

Source: https://pixabay.com/de/illustrations/sound-welle-stimme-h%c3%b6ren-856770/
Source: https://pixabay.com/de/illustrations/sound-welle-stimme-h%c3%b6ren-856770/

So I started checking the latest Microsoft Teams Direct Routing documentation, which was updated not long ago.

Source: Plan Direct Routing – Microsoft Teams | Microsoft Docs

I did not want to name this article “Microsoft Teams Direct Routing changes you need to be aware of for Q2-Q3 2022” but that’s what we have to do. We need to be aware of and take action otherwise this can impact your custom apps and services. In regards of Teams Direct Routing telephony you must ensure that your SBCs have both mentioned public root certification authority (CA) certificates in place. If not, your Teams Direct Routing telephony might suffer after June 30th, 2022.

Note on adding the DigiCert Global Root G2 on Audiocodes Mediant VE 7.x SBC

The following information is provided as an example and if you follow/apply the guidance/change it is on your own risk. Other certified SBCs must be checked as well and might require adding the certificate as well.

First of all, we need to download the named Digicert root certificate. We can get it directly from Digicert or use the link provided by Microsoft in their documentation.

ALWAYS BE CAUTIONS if you click links to certificates on websites redirecting you to a download something elsewhere. You better be skeptical. You might not want to use the links and instead visit the providers website yourself.

Source: Office TLS Certificate Changes – Microsoft 365 Compliance | Microsoft Docs

On the Mediant …

Source: Audiocodes Mediant VE 7.2… TLS Context for Microsoft Teams
Source: Audiocodes Mediant VE 7.2… TLS Context for Microsoft Teams \ Trusted Root Certificates with as-is Baltimore CyberTrust Root cert

After you uploaded the DigiCert Global Root G2 certificate the trusted root list should include it.

Source: Audiocodes Mediant VE 7.2… TLS Context for Microsoft Teams \ Trusted Root Certificates with newly added DigiCert Global Root G2 cert

We should not forget to click on save at the end on the upper right corner. That’s it.

Additional resources