
SIP-TLS Server Handshake Failure/SIP-TLS Handshake Negotiation Start Failure warnings/errors on Monitor Tab of SBC Edge

If you are using a Ribbon SBC Edge (SBC 1000 / SBC 2000 / SBC SWe Lite) that is integrated with Teams Direct Routing, you may have noticed repeated warnings/errors under the Alarm View on the Monitor tab of your SBC Edge, like the following:

SIP-TLS Server Handshake Failure

SIP-TLS Handshake Negotiation Start Failure

The alarm can have different causes (the cause is given inside the description of the alarm)


Reason for these Warnings and Errors:

The reason for these warnings and errors is that there are many machines on the internet that keep scanning SIP servers on well-known SIP ports, trying to break into them to make calls.

To stop these machines from scanning your SBC, you need to limit SIP communication to the Microsoft Teams servers (SIP proxy) only, which use these two ranges (52.112.0.0/14 and 52.120.0.0/14), as explained in the link:

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-plan-media-bypass

Under the section “SIP Signaling: Ports”

The following is from the above link


Using Firewall

If your SBC is behind a firewall, you can simply configure the firewall to limit SIP communication to those two ranges only (52.112.0.0/14 and 52.120.0.0/14)

Using SBC Edge Access Control List (ACL)

Another method is to apply an Access Control List (ACL) on the “Logical Interface” of the SBC that is connected to the internet.

You can create your own ACL, or you can use the existing ACL created by running the “Easy Config Wizard” and selecting Teams as the scenario

Notes About Using Access Control List (ACL):

  • You need to allow HTTPS on the interface used to manage the SBC if the same interface is used both for managing the SBC and for SIP and media communication
  • If you configure the HTTPS rule incorrectly in the ACL, you will lose access to the Web Interface of the SBC
  • It is better to have an additional interface enabled with the correct IP and connected to the network. This would help in case you have applied an ACL that is incorrectly not allowing HTTPS. This way, you will not end up with your SBC Web Interface inaccessible
  • In the case of SBC 2000, the Admin Port is usually configured by default and has the default IP of 192.168.128.2.
  • Do a backup of your SBC before applying changes
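The following is an added example (not part of the original post, and not Ribbon's ACL format) that models the intended policy from the firewall and ACL sections above in Python: SIP-TLS on 5061 only from the two Teams ranges, HTTPS on 443 only from the management LAN. It checks a candidate ACL for the two mistakes the notes warn about, namely locking yourself out of HTTPS and not allowing a whole Teams range. The ACL entries, the management network and the probe addresses are constructed.

```python
import ipaddress

# Microsoft Teams SIP proxy ranges quoted above ("SIP Signaling: Ports").
TEAMS_SIP_PROXY_RANGES = ("52.112.0.0/14", "52.120.0.0/14")
SIP_TLS_PORT = 5061  # port the Easy Config Wizard uses for the Teams signaling group
HTTPS_PORT = 443     # SBC Web Interface

# ACL model: list of (source network, destination port, action), evaluated top-down,
# first match wins, default deny. It models the intent, not the SBC Edge ACL format.

# Constructed ACL with the intended policy: SIP-TLS only from Teams, HTTPS only from
# the management LAN (192.168.128.0/24 is an assumption based on the default admin
# port address mentioned in the notes).
GOOD_ACL = [
    ("52.112.0.0/14", SIP_TLS_PORT, "allow"),
    ("52.120.0.0/14", SIP_TLS_PORT, "allow"),
    ("192.168.128.0/24", HTTPS_PORT, "allow"),
]
# Constructed mistakes: HTTPS entry forgotten (the lockout the notes warn about), and a
# Teams range typed as /16 instead of /14 (most Teams proxies would be blocked).
LOCKOUT_ACL = GOOD_ACL[:2]
NARROW_ACL = [("52.112.0.0/16", SIP_TLS_PORT, "allow")] + GOOD_ACL[1:]
# Constructed source addresses as they might appear in the alarm descriptions.
PROBES = ["203.0.113.45", "198.51.100.9", "52.114.7.24"]

def evaluate(acl, src_ip, dst_port):
    """Return the action the ACL takes for one inbound connection attempt."""
    addr = ipaddress.ip_address(src_ip)
    for network, port, action in acl:
        if dst_port == port and addr in ipaddress.ip_network(network):
            return action
    return "deny"

def sip_exposure(acl, probe_ips):
    """Probe sources that would still reach SIP-TLS after the ACL is applied."""
    return [ip for ip in probe_ips if evaluate(acl, ip, SIP_TLS_PORT) == "allow"]

def lockout_risk(acl, admin_ip):
    """True if the admin workstation could no longer reach the Web Interface."""
    return evaluate(acl, admin_ip, HTTPS_PORT) != "allow"

def teams_reachable(acl):
    """True only if every address in both Teams ranges is allowed on SIP-TLS."""
    for rng in TEAMS_SIP_PROXY_RANGES:
        teams_net = ipaddress.ip_network(rng)
        covered = False
        for network, port, action in acl:
            net = ipaddress.ip_network(network)
            if port != SIP_TLS_PORT or not net.overlaps(teams_net):
                continue
            # The first overlapping SIP-TLS entry decides; it must allow the whole range.
            covered = action == "allow" and teams_net.subnet_of(net)
            break
        if not covered:
            return False
    return True

def pre_apply_check(acl, admin_ip):
    """Problems to fix before applying the ACL (an empty list means safe to apply)."""
    problems = []
    if lockout_risk(acl, admin_ip):
        problems.append("HTTPS from the management host would be blocked")
    if not teams_reachable(acl):
        problems.append("a Teams SIP proxy range is not fully allowed on SIP-TLS")
    return problems
```

Running pre_apply_check against your own ACL and the address you manage the SBC from before clicking Apply is the programmatic version of the backup-and-second-interface advice above.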

Part 11: Testing Outgoing and Incoming Calls

Testing Outgoing Calls

The following shows dialing a number to make an outgoing call

The following image shows Teams is calling the number

The call is established

If you check the Monitoring Tab of the SBC Web Interface while making a call, you will see something like the following image when the call is ringing

When the call is established, you will see something like the image below.

Testing Incoming call

When making incoming calls, I managed to see the notification pop-up of the Teams client on the Windows desktop

The following image shows that the incoming call is established

Part 10: Enable users for Direct Routing, voice, and voicemail

In this article, we will enable a user for the Teams Direct Routing setup that we have created in the previous steps

Connect a Microsoft Teams PowerShell session

This will ask you to authenticate with a user that has the proper permissions to enable a user and prepare the PowerShell session. You might need to install the Teams PowerShell module if you didn’t do that earlier.

Connect-MicrosoftTeams

Configure The Phone Number and Enable Enterprise Voice and Voicemail Online

The following command is an example of how to assign a number and enable Enterprise Voice and Voicemail. Both assigning a number and enabling Enterprise Voice are required for a user to use Teams Direct Routing

Set-CsUser -Identity User1@jayslab.online -OnPremLineURI "tel:+17124584557;ext=557" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

Assign The Voice Routing Policy to a User

This command will assign the Voice Routing Policy that we have created earlier

Grant-CsOnlineVoiceRoutingPolicy -PolicyName "PassAll" -Identity User1@jayslab.online

Assign a Teams Calling Policy

Turning this on will allow users to make calls

Grant-CsTeamsCallingPolicy -PolicyName AllowCalling -Identity User1@jayslab.online

Assign Teams Only mode to users to ensure calls land in Microsoft Teams

This is needed to make sure that the call lands in Microsoft Teams

Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity User1@jayslab.online

Assign a Dial Plan

Usually, you assign a dial plan to a user to translate the phone numbers dialed by the user into the E.164 format that is required by Teams telephony. For simplicity and to complete the setup, I am assigning the existing default Dial Plan, which doesn’t change any number being dialed.

Grant-CsTenantDialPlan -Identity User1@jayslab.online -PolicyName Global

Part 9: Teams Direct Routing Call Routing

In this part, we will create an Online Voice Routing Policy and the components it needs. You can assign this policy to users to allow them to make outgoing calls using the on-premises SBC.

For simplicity and to complete the setup, we are creating:

  • A “Usage”
  • An “Online Voice Route” that is associated with the new Usage and uses our SBC for all outgoing calls
  • An “Online Voice Routing Policy” that uses the Usage (this way it will use the new SBC for outgoing calls)

You can improve this configuration by creating more of these 3 voice elements (I cannot explain this part better than the Microsoft documentation)

For simplicity also, I am calling each of these components “PassAll”

Preparing the Session

Before you can use any of the Teams PowerShell commands, you need to connect PowerShell to Microsoft Teams Online using the command:

Connect-MicrosoftTeams

Creating a usage

This is how to create a new usage

Set-CsOnlinePstnUsage -Identity global -Usage @{Add="PassAll"}

Creating an Online Voice Route

The below shows how to create a new Route (Online Voice Route) and associate it with the usage “PassAll” that we created above

New-CsOnlineVoiceRoute -Identity "PassAll" -Description "PassAll" -NumberPattern ".*" -OnlinePstnGatewayList sbc1.jayslab.online -Priority 1 -OnlinePstnUsages "PassAll"

Creating a new Online Voice Routing Policy

The below shows the creation of a new Online Voice Routing Policy that uses the “PassAll” usage that we have created earlier. This way, this Policy will use the route (Online Voice Route) that we have just created.

New-CsOnlineVoiceRoutingPolicy "PassAll" -OnlinePstnUsages "PassAll"

Now, this “Online Voice Route” is ready and can be assigned to the user(s)

Viewing The Newly Created Components on Teams Admin Center

Teams admin center > Voice Routing Policies

You will see the policy “PassAll” that we have created earlier. Click on the “PassAll” policy to open it

The details of the policy will be shown. Under “PSTN usage records”, you will see the usage named “PassAll” is listed

Viewing Voice Routes

Teams Admin Center > Voice > Direct Routing

Click on “PassAll” to view its properties

Under “SBCs enrolled”, which shows the list of SBCs that this route uses, you will see our SBC listed

Scroll Down to view the list of “PSTN usage records”

Click on Cancel to get out of the details of the Voice Route

Part 8: Running Easy Config Wizard

In this step, we will configure the SBC to support Teams Direct Routing. The configuration will be done with the help of “Easy Config Wizard”

On the Tasks tab of the Web Interface of the SBC, expand “SBC Easy Setup” and click on “Easy Config Wizard”

The Wizard will start and Step 1 will be shown

Make sure “SIP Trunk <-> Microsoft Teams” is selected as “Application” (on the current version of SBC it is the default option)

Type a name for the “Scenario Description”. Some of the configuration elements that will be created will start with the name of the scenario

Select the “Telephone Country” of your SIP Trunk

Under SIP Sessions, type the number of SIP sessions that you have purchased from the SIP Trunk provider (for me it is just 4 sessions)

Click on the “Next” button

This will take you to “Step 2”

Under “Use Secondary Border Element Server” I selected “Disabled”. You can enable this if your SIP Trunk provider has more than one SIP Server

Under “Border Element Server”, type the FQDN or the IP of the SIP Server of your SIP Trunk provider

You can change the “Protocol” and/or the “Port Number” to match the ones that your SIP Trunk provider uses

Under NAT Public IP (Signaling/Media), type the public IP of the Signaling/Media interface (second interface) of the SBC/VM

Click on the “Next” button

In “Step 3”, the wizard will show you the summary of your choices and settings of the previous two steps. Of course, you can go back and change them.

Click on “Finish”

A message will be shown asking if you want to continue applying the settings

Click on the “OK” button

The wizard will work on applying the settings

After applying the settings, you can check the “Monitor” tab to check if the signaling groups are up (they will be shown as green)

Remember that you need the following for the “Teams Direct Routing” signaling group to be up:

  • A valid certificate installed on the SBC that matches
  • A correct DNS record of type A that points to the SBC
  • The domain name of the SBC registered as a domain on Microsoft 365, and a user created in it with a telephony license
  • The SBC connected to Teams Direct Routing (using PowerShell or Teams Admin Center)
  • The required ports are opened

The signaling group for “Teams Direct Routing” might appear as down as shown below

In that case, you need to troubleshoot and find the reason why it is down and fix it

About “Transformation Tables”

The wizard configured the SBC to pass the called number and the calling number as they are

My SIP Trunk provider accepts E.164 format which is the same format Teams Direct Routing uses.

However, the ending part of the LineURI of the user, “;ext=xxx” (which is the extension of the user), cannot be used as the calling number when sent to my SIP Trunk (“;ext=xxx” is not E.164 format)

(LineURI represents the telephone number of the user)

That is why I made a change in my Transformation Table for outgoing calls to remove the “;ext=xxx”, in order to make my outgoing calls accepted by my SIP Trunk provider

The following image shows the transformation table entry more clearly

The settings:

For “Input Field Type” select “Calling Extension”

For “Input Field Value” type (.*) to catch all

For “Output Field Type” select “Calling Extension”

Keep “Output Field Value” empty to remove the extension

As I explained, this will make the calling number go to the SIP Trunk without the “;ext=xxx” part

Note:

The calling number should be part of the numbers that are allocated by the SIP Trunk provider to be used by you like the telephone numbers of the users. If you use any number that is not part of these numbers, the outgoing call will be rejected by the SIP Trunk (the call will fail).
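As an added example (not part of the original post, and not the SBC's own transformation engine), the following Python models the transformation table entry above together with the note's allocated-number rule: it strips the “;ext=xxx” part from a LineURI, checks that what is left is E.164, and then checks it against the numbers the trunk allocated. The allocated numbers are constructed, and the “before” path shows why the untransformed calling number is rejected.

```python
import re

# Constructed: the DID numbers the SIP trunk provider allocated to this tenant. The note
# above says the trunk rejects a calling number outside its allocation.
ALLOCATED_NUMBERS = {"+17124584557", "+17124584558"}

# The LineURI form used earlier in the series: tel:+17124584557;ext=557
EXTENSION_SUFFIX = re.compile(r";ext=\d+$")
# E.164: a '+', a non-zero first digit, then at most 14 more digits and nothing else.
E164 = re.compile(r"^\+[1-9]\d{1,14}$")

def drop_scheme(line_uri):
    """Remove the 'tel:' scheme so only the number (and any extension) remains."""
    return line_uri[4:] if line_uri.startswith("tel:") else line_uri

def calling_extension(line_uri):
    """The ';ext=xxx' part of a LineURI, or '' when there is none."""
    match = EXTENSION_SUFFIX.search(line_uri)
    return match.group(0) if match else ""

def strip_extension(line_uri):
    """Model of the transformation entry: Calling Extension (.*) -> empty output.
    Accepts 'tel:+1...;ext=557' or a bare number."""
    return EXTENSION_SUFFIX.sub("", drop_scheme(line_uri))

def is_e164(number):
    return E164.match(number) is not None

def trunk_verdict(line_uri, transform=True):
    """What the SIP trunk would do with the calling number derived from a LineURI.
    transform=False shows the 'before' state, with the extension still attached."""
    number = strip_extension(line_uri) if transform else drop_scheme(line_uri)
    if not is_e164(number):
        return number, "reject: not E.164"
    if number not in ALLOCATED_NUMBERS:
        return number, "reject: number not allocated by the trunk"
    return number, "accept"
```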

Part 7: Installing Certificates on the SBC

Accessing Certificates page

On the Web Interface of the SBC, go to the “Tasks” tab

On the “Tasks” tab, expand “SBC Easy Setup”

Click on “Certificates”

This will take you to the “Certificates” page where you can manage the certificates of the SBC

Importing Root CA, Issuing CA, and Baltimore CA

On the Trusted CAs tab (which is the first tab on this page)

Click on the import button

The “Import Trusted CA Certificate” box will be shown

On the Mode, select “File Upload” (you can use Copy and Paste mode if you want to import the certificate as a Base64 text)

Click on Choose File

Select the file of the Root Certificate and click on Open

The filename of the certificate will be shown. Click on the “OK” button

The Web Interface will show you a message that says it will trust a CA. Click on the “OK” button

The newly imported certificate will be listed under the “Trusted CAs” list

Do the same thing to import the issuing CA (both the root and the issuing CAs are in the same table and managed in the same way). The only difference is that you need to import the root CA first, then the issuing CA

Use the same steps to import the “Baltimore” CA certificate (which is required to communicate with the Teams Direct Routing servers on Microsoft 365)

The below image shows the root, the issuing CA and “Baltimore” certificates under “Trusted CAs”

Importing SBC Primary Certificate with Its Private Key

Because I have a certificate with its private key with me (already requested and generated on some other system), I am using the option to import it. It usually has the *.pfx file extension

(If you don’t have a certificate, you can generate it using the “Generate CSR” tab)

To import the certificate with its private key, go to the “SBC Primary Certificate” tab

Click on “Import” and select “PKCS12 Certificate and Key” (to import the *.pfx file)

The “Import PKCS12 Server Certificate” box will be shown

Click on “Choose File”

Select the file that contains the certificate with its private key and click on Open

Type the “Password” that is used to protect the content of the *.pfx file and then click on the “OK” button

A message will be shown to inform you that you are going to import the certificate. Click on the “OK” button

The certificate will be imported, and its details will be shown

Part 6: Changing the Host Name and Domain Name of SBC

You need to select the correct “host name” and “domain name” that you will be using in your DNS A record (they will also be used in the name of the certificate of the SBC). Remember that the domain name part should be a domain that is added to the Microsoft 365 tenant.

If you want to change the host name of the SBC, it is better to do that before running the “Easy Config Wizard”. That is because the wizard will create some components that use that name in their config.

For me, I have selected a temporary “host name” and “domain name” during the creation of the SBC earlier. So, I must change them before running the wizard.

Below are the steps to change the “host name” and “domain name”

On the “Settings” tab of the Web Interface of the SBC, go to System > Node-Level Settings

Under “Host Information”, you will see the current “Host Name” and “Domain Name” of the SBC

Change the “Host Name” and “Domain Name”

Click on the “Apply” button

Note:

It is better to restart the SBC after changing the “host name” and/or “domain name”

Part 5: Connecting the SBC SWe Lite to Teams Direct Routing

After completing the previous two steps:

  • Adding the domain that will contain the SBC to Microsoft 365 (for example, add the domain example.com if your SBC name will be SBC1.example.com)
  • Enabling a user in that domain

You can now successfully connect the SBC to Teams Direct Routing

Connecting the SBC using Admin Center

Open “Microsoft Teams admin center”

On the menu on the left side of the portal, expand “Voice”

On the “Voice” menu, select “Direct Routing”

This will take you to the “Direct Routing” settings page

Click on “SBCs”

Click on the “Add” button

This will take you to the “Direct Routing\ Add SBC” page where you can define a new SBC with its settings

Type the name of your SBC

Under the SIP signaling port, the port number shown there is “5067”

I am changing the port to 5061, which is the default port number usually created by the “Easy Setup” wizard of the Ribbon SBC when you select the Direct Routing option

Under “Concurrent call capacity”, specify the number of channels you will select in “Easy Setup” wizard.

This number usually equals the maximum number of SIP sessions to your SIP provider.

Don’t forget to turn on the “Enabled” button

Click on the “Save” button at the end of the page

If you haven’t added the domain to Microsoft 365 and enabled a user under that domain, you will get a message similar to the one below

We can’t use the “sbc.domain.com” domain as it hasn’t been set up in the organization. Please try again. If you continue to have problems, contact Microsoft customer support.

As the image below shows

However, if everything is correct, you will get the message “Item was created” as the image below shows

The name of the newly registered SBC will be under the list of SBCs

Note:

The SBC will be shown as having errors because it is not yet configured to work with Direct Routing, or because the DNS record of type A that should point to its IP has not yet been created

Registering the SBC using PowerShell

Alternatively, you can register the SBC using the New-CsOnlinePSTNGateway PowerShell command, as the example below shows

New-CsOnlinePSTNGateway -Identity sbc1.jayslab.online -Enabled $true -SIPSignalingPort 5061 -MaxConcurrentSessions 4


Part 4: Adding A User Account to The Domain That Will Be Used for the SBC

After you have registered a domain name, you need to add at least one user with a Phone System license (in my case I am using an E5 license, which includes Phone System), and the FQDN portion of that user's SIP address must match the registered base domain. This is needed to complete the registration of the SBC.

On Microsoft 365 admin center, expand Users > Active users

Click on Add a user

The “Add a user” wizard will be started

Fill in the details of that user; the most important part is that, under “Domain”, you make sure that you have selected the domain which will be used for registering the SBC

I cleared “Automatically create a password”, which allows me to enter the password myself (that is just my personal preference)

I typed the password

I cleared “Require this user to change their password when they first sign in” (that is also my personal preference).

I typed the password and clicked on Next

The user needs to have a Phone System license. In my trial tenant, I have “Office 365 E5”, so I am assigning this type of license to this user

Click on Next

This will take you to the Review and finish page, where you can check the settings that you have selected

Click on “Finish adding”

The wizard will work on adding the user

The wizard will confirm that the user is added

Click on Close

Now you will be able to see the user in the list of “Active users”. You might need to search for the user if you have a large number of users

Part 3: Adding a Domain to Microsoft 365

To Connect the SBC SWe Lite to Teams Direct Routing the following needs to be done:

  • Add the domain that will contain the SBC to Microsoft 365 (for example, add the domain example.com if your SBC name will be SBC1.example.com)
  • Enable a user in that domain (for example enable the user user1@example.com)
  • Finally, you can connect the SBC to Direct Routing: select a name for the SBC (with the domain part being one of the registered domains on Microsoft 365) and register that name of the SBC (for example, register the SBC with the name SBC1.example.com)

In this part of the series, we will do the first of the above steps: we will add the domain to Microsoft 365

Adding the domain

On the “Microsoft 365 Admin Center” main page, expand “Settings”

The “Settings” menu will be expanded. Select “Domain”

This will open Domains’ settings. Click on “Add domain”

The “Add Domain” wizard will be started. Type the name of your domain

Click on “Use this domain” button

This wizard has the capability to detect some well-known DNS registrars and it can automatically do the configuration by adding the needed DNS records.

Note:

If your DNS registrar is not one of the DNS registrars that the wizard can detect and configure, you will need to add the DNS records manually to your domain.

For me, my DNS registrar is GoDaddy (the wizard has detected it) as the image below shows

I clicked on the “Verify” button

The wizard popped up a mini-browser window to “Confirm Access” and to get connected to GoDaddy

I clicked on the “Connect” button

The Wizard will ask you if you want to let it add the needed DNS records

Click on “Continue”

On the “Add DNS records” page, it will explain to you the records needed

For me, I had to scroll down to view all the needed records

I have clicked on “Advanced Options” to view all the records that the wizard is going to add

The images below show all the records

At the end of the page, click on “Add DNS records”

For me, it showed me the GoDaddy “Confirm Access” mini page again

I clicked on Connect

The wizard started “Configuring domain”

The final page indicates that “Domain setup is complete”

Click on “View all domains” to go back to the “Domains” page

Under the “Domains” page in the admin center, the newly added domain is shown

Viewing The Details of the Added Domain

On the Domains page, click on the domain to view its details

Click on DNS records

This will show the DNS records. The images below show the DNS records of my domain

Viewing DNS records on DNS domain provider

The images below show what the Add domain wizard has added to my DNS on GoDaddy