V18 has been deprecated. Please upgrade to V20.

Configuring Microsoft Teams Direct Routing

Step 1: Check the Requirements

  • In order to integrate 3CX with 365/Teams, Microsoft requires an SSL certificate from one of the Microsoft approved certificate authorities. We recommend using SSL.com, as wildcard certificates are not supported.
  • “User Sync” must be enabled on Microsoft 365 Integration.
  • Users of MS365 must have the “Office phone” number in an E.164 format.
  • Domain for Teams FQDN should be registered in Domains of the MS365 tenant.
  • *.onmicrosoft.com is not supported as the FQDN name of the SBC.
  • Port 5062 (or 5061 in some instances) must be opened on the firewall.
  • One of the following should be assigned to the MS365 users:

Step 2: Configure Teams FQDN

  1. Find your Teams domain in the Microsoft 365 admin center under Settings > Domains (e.g. MS365 domain: contoso.com; the Teams FQDN can be: teams.contoso.com).
  2. Log in to your 3CX Management Console, go to “Settings” > “Microsoft 365 Integration” > “Teams Direct Routing” tab and check “Enable Microsoft Teams Direct Routing”.
  3. Specify a Teams FQDN that matches the email domain of MS365.
  4. Navigate to your DNS provider and create a new A record for the Teams FQDN that points to the static public IP address of your 3CX installation.

Step 3: Generate a CSR key

In order to integrate 3CX with 365/Teams, Microsoft requires an SSL certificate from one of the Microsoft approved certificate authorities. To obtain a certificate you will first need to generate a CSR key, on which the SSL certificate will be created. We have created a command-line tool to ease this process for you:

  1. Download OpenSSL and install.
  2. Once installed, run our CSR batch file and fill in the following details:
     1. 3CX (Teams) FQDN (e.g. teams.example.com)
     2. Organisation Unit (e.g. IT or Operations)
     3. Country Code (e.g. UK, US, AU, DE, FR)
     4. Area (e.g. England)
     5. City (e.g. London)
     6. Company name (e.g. Example Ltd)
  3. The tool will then generate the private key to the folder you ran the file from in both notepad format and a *.pem file. Keep this *.pem file as this will be uploaded in the ‘Private Key’ field of the 3CX management console during step 3 of this guide.
  4. Navigate to your certificate provider of choice to get the certificate, including all intermediate certificates and private key from the certificate root authority. It must cover the Teams FQDN you specified.

Note: Some providers do not provide a single file with the Certificate including the Intermediate Certificates. In this case we have listed the steps needed in our Teams FAQ.
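
For reference, a manual OpenSSL equivalent of the CSR step, run from PowerShell. This is an added example, not the 3CX batch file and not taken from it; the FQDN, subject values and file names are constructed placeholders, and `openssl` is assumed to be on the PATH.

```powershell
# Added example: all values below are constructed placeholders.
$fqdn = 'teams.example.com'   # 3CX (Teams) FQDN entered in Step 2
$subj = "/C=US/ST=California/L=San Diego/O=Example Ltd/OU=IT/CN=$fqdn"

# Generate a 2048-bit RSA private key (unencrypted PEM) and the CSR in one step.
# The SAN carries the exact FQDN, no wildcard. -addext needs OpenSSL 1.1.1 or later.
& openssl req -new -newkey rsa:2048 -nodes `
    -keyout "$fqdn.key.pem" -out "$fqdn.csr" `
    -subj $subj -addext "subjectAltName=DNS:$fqdn"
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# Verify the CSR self-signature and print the subject and SAN before submitting it.
& openssl req -in "$fqdn.csr" -noout -verify -subject
& openssl req -in "$fqdn.csr" -noout -text |
    Select-String -Context 0,1 'Subject Alternative Name'

# The key file is unencrypted: remove inherited permissions and grant
# access to the current user only.
& icacls "$fqdn.key.pem" /inheritance:r /grant:r "${env:USERNAME}:F" | Out-Null
```

Only the `.csr` file is submitted to the certificate authority; the `.key.pem` file stays on the machine until it is uploaded to 3CX.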

Step 4: Get an SSL certificate

This example utilizes SSL.com

SSL.com Certificate CSR Validation

  1. Choose the appropriate level of certificate (the Basic SSL will suffice) and click “Add to cart”.
  2. Once the ‘Show order Transaction’ window appears, click on the “Click here to finish processing this certificate order” link at the top of the screen.
  3. Grab the notepad file that the CSR tool generated and copy its contents into the CSR box.
  4. Ensure that the auto-populated common name (CN) field matches correctly and click “Next”.
  5. Under the ‘Domain Validation’ stage, select the drop down boxes and choose your validation option.

SSL.com Certificate Validation

  1. Navigate to the verification email and click on the link it contains.
  2. Enter the 20 character validation code and ensure the green validation bar appears.

SSL.com Validation Confirmation

  1. Navigate back to the SSL.com Dashboard and choose the ‘Order’ tab along the top navigation bar
  2. Locate your SSL certificate and click on the magnifying glass icon to expand for more details

Downloading the Nginx file

  1. Click “Download” for the Nginx file. You may receive a task bar notification asking if you want to proceed; click “Keep”. Locate the file and rename it from .chained to .pem.

Step 5: Upload the SSL Certificate to 3CX

Microsoft 365 + Teams Integration settings: uploading certificate

After you have created and downloaded the SSL certificate:

  1. If not already completed, right-click on the certificate file and rename it to a *.pem file.
  2. Under “Step 2” in the 3CX management console, upload your certificate and private key generated using the CSR generation tool in Step 3 of this guide.
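
A pre-upload check for the two files, as an added example (not part of the 3CX tooling). It assumes `openssl` 1.1.1 or later is on the PATH and that the leaf certificate comes first in the chained .pem file; the function name, file names and FQDN are constructed placeholders.

```powershell
# Added example: Test-TeamsCertificate is a hypothetical helper, not a 3CX cmdlet.
function Test-TeamsCertificate {
    param([string]$ChainPem, [string]$KeyPem, [string]$Fqdn)
    $problems = @()

    # 1. The bundle should hold the leaf plus at least one intermediate certificate.
    $count = @(Select-String -Path $ChainPem -Pattern '-----BEGIN CERTIFICATE-----').Count
    if ($count -lt 2) { $problems += "only $count certificate(s) in bundle; intermediates missing" }

    # openssl x509 reads the first certificate in the file (assumed to be the leaf).
    # 2. The leaf must cover the Teams FQDN by exact name, not by wildcard.
    $san = (& openssl x509 -in $ChainPem -noout -ext subjectAltName) -join ' '
    if ($san -match '\*\.') { $problems += 'certificate contains a wildcard name' }
    $hostCheck = (& openssl x509 -in $ChainPem -noout -checkhost $Fqdn) -join ' '
    if ($hostCheck -notmatch 'does match certificate') {
        $problems += "certificate does not cover $Fqdn"
    }

    # 3. The certificate must not be expired (-checkend exits non-zero if it is).
    & openssl x509 -in $ChainPem -noout -checkend 0 | Out-Null
    if ($LASTEXITCODE -ne 0) { $problems += 'certificate has expired' }

    # 4. The private key must belong to this certificate: compare the public keys.
    $certPub = (& openssl x509 -in $ChainPem -noout -pubkey) -join "`n"
    $keyPub  = (& openssl pkey -in $KeyPem -pubout) -join "`n"
    if ($certPub -ne $keyPub) { $problems += 'private key does not match certificate' }

    return $problems
}

# Constructed file names; replace with the files from Step 3 and Step 4.
$issues = Test-TeamsCertificate -ChainPem '.\teams.example.com.pem' `
    -KeyPem '.\teams.example.com.key.pem' -Fqdn 'teams.example.com'
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else { 'Certificate bundle and private key are consistent.' }
```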

Step 6: Open port 5062 on your firewall

If your Microsoft Teams FQDN is not the same as your 3CX FQDN, you will have to ensure port 5062 is open. For example, if you have a 3CX FQDN mycompany.3cx.us and a Teams FQDN of mycompany.onmicrosoft.com, then you will need to open port 5062. See this section in the Teams FAQ if you have a very restrictive firewall policy.

Step 7: Configure dial plan and run script

  1. Generate the script from the management console.
  2. Select your country and area code in the cases that apply. The generated script will be adjusted to format the dialed numbers in scenarios like internal, national, international.
  3. Click on “Generate Dial Plan” and save the PowerShell file on your system.
  4. Start Windows PowerShell as Administrator and ensure that execution policy is set to Bypass.
  5. Switch to the folder where the script “teams_dial_plan.ps1” is saved and run it.
  6. You can verify that the configuration is in place and no errors occur by opening the administration portal of Microsoft Teams.

Step 8: Run scripts for users

This step must be executed each time new users are created and assigned a Teams Phone System license.

  1. Click on “Generate Users Script” and save the PowerShell file on your system.
  2. Users selected on “User Sync” that meet the requirements (license, phone number format) will be included in the generated script.
  3. Review the script for any invalid users that might be commented out. Adjust accordingly and repeat the above steps. There might be a 24 hour delay in the sync.
  4. Start Windows PowerShell as Administrator and ensure that execution policy is set to Bypass by entering this command:
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
  5. Go to the folder where the script “map_users.ps1” is saved and run it.

Last Updated

This document was last updated on 20 June 2023

https://www.3cx.com/docs/microsoft-teams-v18/