Direct Routing in Microsoft Teams IT Pro Academy Recap

Here’s the October 2018 updates of Direct routing in Microsoft Teams video posted on YouTube from Coffee in the Cloud.

I watched the preview session so keen to look at the updates from that session and catch up on Direct routing.

Session is posted here


Presented by Thomas Binder, Senior Product Manager in the Teams product Group.


Housekeeping on this deck for additional resources, feedback and note Office 365 is constantly evolving.

This is October 2018 version of this presentation.

Key Learnings


You should know about Teams and Phone System (Previously Cloud PBX)

Direct Routing allows

  • Use of existing PSTN connectivity
  • SBC can hosted by partners and carriers
  • When configuring your own SBC follows the vendors documentation



What is Direct Routing ?


Lets start with Enterprise Voice in the Cloud (Office 365)

We have

Microsoft Teams and Office 365 – Hub for Teamwork

We can add

Phone System (additional licence or included) – Give us PBX functionality


We don’t have PSTN connectivity to Phone System

  • Calling Plans
  • Direct Routing in Teams



Direct Routing in Teams


Lower Right we have a Teams User connected to Office 365 using Phone System over the internet

Phone System is connected to certified SBC that could be connected to other PBX’s or ATA and SBC is connected to PSTN trunk

If user places call we connection via

Phone System > SBC > PSTN

Customer Example


Multi national company

Sold on the value of Teams and make calling the endpoint for users

Call centre in Netherlands –call centre will remain on the existing PBX

First look at where are users located against Microsoft Calling Plan availability


Calling Plan available in select number of countries

Special Considerations


Netherlands has consideration for pbx intregation for call centre


Solution mix of Calling plans and Direct Routing

Benefits of Direct Routing


  • Interop with PBXs and third party systems
  • Teams Calls routed to PBX via SBC
  • Leverage existing contracts with PSTN providers. Existing provider gives good PSTN call rates.
  • In Teams with phone system each user will have a telephone number and directly avialble to be called
  • Use Direct Routing where Calling Plans is not available.
  • Can combine with Calling plans and chose what numbers use Calling and which use Direct Routing
  • Less hardware compared to SfB with Cloud Connector Edition (CCE)


Direct Routing Considerations


Services numbers are for services in Phone System

Call Queues

Auto Attendant

Audio Conferencing

Can not use Direct Routing number for service numbers.

If you need to porting maybe and option

SfB Hybrid required users homed Online to use Direct Routing – this is to be confirmed as far as i know SfB cant use Direct routing and its Teams Only. Will update this when confirmed.

Direct Routing Flows




There are three separate networks

  • Office 365 – run by Microsoft – deliver O365 to customers
  • Internet – users using Microsoft Teams outside the corporate network
  • Corporate Network – users using Microsoft Teams inside the corporate network , SBC and PSTN (PBX or PSTN Trunk)


Signalling will ALWAYS travel to Office 365 to Call Controller


Doesn’t matter if user is internal or external the signalling path will always be the same



It will also travel between Office 365 (SIP Proxy) with the SBC

The SIP Proxy is using SIP between your SBC and the SIP Proxy


SBC to PSTN next hop

Media (No media bypass)


Media is actual audio from users and SBC

This slide is without media bypass.

(Note Media bypass is not available to customer as of yet however this is testing and should be shipped soon.)

Again three networks


Internet user sends media traffic to Office 365 (Media Processor)


Traffic is not set over all public network it will send use to entry point of Office 365. As soon as traffic is on O365 network its on high capacity network.


Office 365 network optimised for Teams Traffic

Internal user


Media over the internet over the internet

Internal network should be corporate so should be optimised as possible for media to go direct


Media Processors in North America, Europe and APAC datatcentres


Traffic will flows from Media Processors to SBC


From SBC to the PSTN next hop

Voice Routing


How users can dial phone systems and how the system decides where to route the call to

Dial Plans


Dial Plans normalise phone numbers

PSTN networks expect E164 format

Built in rules as part of dial plans to translate dialled phone numbers into E164

Customer can have custom dial plans for example can remove users having to dial area codes, the dial plan will add this for them.

Voice Routing Basics


Once a user has dialled a number and number if normalised how will Teams decide how to route it ?

Above example user in Germany dials the number

First things

Is there a voice routing policy for this user ?


If not


Does user have Calling Plan assigned ?

If no Voice routing policy and no calling plan the call will fail


If there is a calling plan then first the system check is this a domestic or international Calling Plans



In this example the user has domestic plan only and domestic calling plan would cover Germany only. The user in the example is dialling a US phone number so the call will fail.


If the user has an International Calling Plan then the call will succeed via Microsoft Calling Plans.

Direct Routing


If the user does have a Voice Routing Policy assigned to them then there are different pstn usages.

PSTN Usages evaluated in Order

Each PSTN usage may have multiple PSTN routes.


No Match it means no Voice Routing policy to dial this and go back to check for calling plans.


If at least one route matches the dialled pattern then route via SBCs in the route.

Each route can have multiple SBCs for load and failover.



If SBC available then call is succeeds via Direct Routing


If all SBCs are unavailable then the call will fail

Planning for Direct Routing



First do you want to host SBC yourself or a hoster ?

Licences you need ?

What SBC to use ?

Configure FQDN and Certificates

Firewalls ?

Single of multiple SBC ?

Partner to Host SBC ?

Self Deployed or Hosted SBC


Do you want to host the SBC in your data centre ? or look at a partner hosting the SBC for you ?

Benefits of Self

– Full control

– Configure when you need

– Connect to existing PBX

BUT You need to host, update and maintain it

Cost maybe beneficial for partner to host.

Note when working with Partner there no certification program from Microsoft

Be sure to understand the cost structure, service charges, support process, partner archiecture, SBC qualifed by Microsoft ? Do some test ?



Teams licence required to use Teams

Phone System either as add on or included in E5

Calling Plan – optional and add on for Phone System

Audio Conferencing – Optional required to add PSTN phone number to an existing PSTN call – currently in validation



Connects Teams to PSTN next hop

Cerification program for SBC with third party lab to ensure if interconnects with Teams for service and quality

Joint support process with SBC vendors

Three validated partners

Up to date list can be found at



Important the domain of FQDN is registered with Microsoft

Cannot use .onmicrosoft domain name

Has to be vanity domain name

Cant add sub domains such as you would have to add the subdomain.



Used to validation the trusted SBC


FQDN of the SBC and proves this the servers its supposed to be.

Only you own the domain name

Only you own the SBC

Single SBC you add the name of the SBC in the subject name

Multiple SBCs there are different options

In example with 4 SBCs were you want to minimise costs you add one of the SBCs in subject name and *.domain for the SANS

Or Single Cert with multiple SBCs names

Or a single cert per SBC – more secure

If you add more SBCs you would have to updates certificates.

List of certified certificate providers

IP Ranges and Ports


SBC Requirements are different from Teams Client

SBC Public IP or NAT


1- signalling between SBC and SIP Proxy in Office 365 via SIP

2-Ports on SIP Proxy are preconfigured by Microsoft

SIP Ports you configure following SBC vendors

FQDN and IPs for SIP Proxies

Doesnt matter what location SBC must talk to all SBC proxies

Media Ports – Media Processors to SBC

SBC to Media Processors

Media Processors defined and in IP Ranges

SBC will talk only to trusted network on these specified ports

Recommend SBC to only to talk to these Ports and IPs

Leverage Multiple SBCs


Group SBCs in Single voice route and load distributed. If one down load taken by other SBCs

Use preferred voice route to send to specific SBCs

DR – lose all US SBCs, most important users go via Europe. Voice routes to specific users.

SBCs for multiple Tenants

For partner or hoster


Two parts of config

  • Hoster
  • Customer

Enable at least one user in subdomain

Hoster tenant is standard O365 Tenant


Adatum is the hoster

Adatum default domainis

Adatum register domain (Carrier base domain name)

Three customers Woodgrove Bank, Contoso and Adventure Works

Each customer creates an additional domain from the carrier

Adatum can use a single SBC with single certificate for multiple customers





TLS 1.2 is required TLS 1.0 and TLS 1.1

SIP Options SRTP configured

Configuration will be SBC vendor specific

Please check for SBC configuration details

Once SBC is Configured you need to Pair it with Phone System


Done via PowerShell



new or set-csonlinepstngateway

SIP Signalling Port – listening port on SBC

Enabled – allows to take SBC out of service, incoming will be accepted.

Forward PAI – used for billing purposes. default false

ForwardCallHistory – Call Forwarding and used for billing.


SIP Options Enabled – Allows SBC and Teams to communited and send sip options to learn if SBC is available or not. Recommend ON if OFF teams may not know an SBC is down.

Max Conncurrent – set limits for SBC

FastFailvoerTimer – detect is SBC not available and failover to another SBC.

User Provisioning


Need SfB Plan 2 licence


Phone System

Phone number dependent on if Direct Routing Only

Calling Plans – phone number comes from Microsoft or port numbers to Microsoft

Routing – admin configured

Configure Call Routing


User at least on Voice Routing Policy


Example Configuration

One Gateway and one route


Pair Gateway

using new-csonlinepstngateway

We define the PSTN FQDN, sip signalling port on the SBC and Enabled True and used

Create PSTN Usage


In this example it allows calling of all numbers and is called unrestricted


Voice Routes


Accept all number dialled and will match this match this route and provide the SBC with priority and link to to PSTN Usage for unrestricted.

Voice Routing Policy


This is where we link to the user

new-csonlionevoiceroutingpolicy and link to unrestricted pstnusage

Grant to user with grant-csonelinevoiceroutingpolicy

Now this user can dial any number and it will be routed via SBC1

Advanced Configuration

6 SBCs in three different locations

register first two SBCs


create first PSTN Usage


US and Canada PSTN Usage


Voice Route for +1425 route via Redmond 1 route and we have SBC 1 and 2

If call matching this patterns calls sent to SBC 1 and 2

We add second set of SBCs


SBC 3 and SBC 4

Give same number pattern and create new voice route Redmond 2 with priority 2


All calls should go to SBC 1 and 2 if SBC 1 and 2 not available calls should go to SBC 3 and 4

Add two more SBCs


SBC 5 and SBC 6

Add another route for any other calls starting +1

Add SBC 5 and 6 and add to same online pstn usage

Create Voice Routing Policy and assign to user


Managing Direct Routing



User and SBC – Call Quality Dashboard and Call Analytics


SBC Logs


SBC and Teams


SBC and PBX – PBX Logs


PSTN Provider

Common SBC Configuration Issues


TLS Errors  – SBC needs TLS 1.2

Failed to verify peer certificate – baltimore certification missing

403 Forbidden – contact header not defined. Office 365 expects to come from FQDN configured or typo

Key Learnings



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.