Applies To
Call2Teams - Partner
Overview
Microsoft have announced they will be making some changes to Teams Direct Routing.
"Trusted Certificate Authorities for Direct Routing are changing"
What do you need to know
This Microsoft change doesn’t impact the platform at all and existing call flows will continue to work as expected.
What does this mean?
When the platform interfaces with Microsoft's Direct Routing endpoint all SIP communication is carried out over a secure TLS connection. This connection uses publicly trusted certificates, those trusted both by the platform and by Microsoft. This allows encrypted traffic to be trusted and decrypted by Microsoft.
Certificates are issued in a tree structure and it's common practice to amend the list of root certificate authorities that are considered trusted. Microsoft is giving notice of altering the list in this announcement.
Further Reading
Microsoft are changing the list of valid root certificate authorities that can be used for secure connections. The list of trusted roots can be found here:
https://docs.microsoft.com/en-us/security/trusted-root/participants-list
The list contains the root certificate the platform uses, ISRG Root X1, and confirms the certificate has the appropriate Microsoft EKU, namely "Server Authentication".
Disclaimer
Please note Qunifi cannot be held responsible for the content of any third-party documentation offered.