Microsoft Teams Direct Routing AudioCodes Session Border Controllers (SBCs) have usually been setup using one-way TLS (Transaction Layer Security) authentication. Enabling mutual TLS authentication has always been an option. Enabling Technologies (a division of eGroup) has two (2) primary mantras when it comes to application and device security:
In that spirit, Enabling Technologies is recommending that mutual authentication be enabled on all Teams Direct Routing Session Border Controllers.
The instructions for enabling mutual authentication on AudioCodes SBCs have been available in their Teams Direct Routing deployment guides for several years. To enable mutual TLS, you had to download the “Baltimore CyberTrust Root” Certificate into the “Trusted Root Certificate” store of the “TEAMS” TLS Context before you could “flip the switch” to turn it on. This certificate will expire in May of 2025.
Microsoft recently announced the availability of new Trusted Root certificate chains that will ultimately replace the expiring certificate. There are three (3) new chains. The “DigiCert Global Root G2” chain will be used to replace the “Baltimore CyberTrust Root” on SBCs when it expires. Microsoft started to configure their cloud-based services to support both chains this past January. By October all services should support both chains.
What is TLS Mutual Authentication?
Setting up TLS Mutual Authentication on AudioCodes SBCs
Here are the high-level steps for setting up TLS mutual authentication on an AudioCodes Direct Routing SBC. The entire process should take about fifteen (15) minutes to complete. These instructions are the same for firmware versions 7.2.X and 7.4.X for all models of AudioCodes SBCs:
What do you need to do if you already have Mutual Authentication Setup
If you already have TLS Mutual Authentication setup on your SBC: