Microsoft Trusted certificate authorities for Direct Routing SIP interface are changing
Incident Report for Anywhere365
Resolved
This incident has been resolved.
Posted Feb 28, 2022 - 07:30 UTC
Monitoring
Message from Microsoft:

Message ID: MC299923
Published: 29 November 2021

We're making some changes to the Direct Routing SIP interface.
Starting on February 1, 2022, the Direct Routing SIP interface will only trust certificates that are signed by Certificate Authorities (CAs) that are part of the Microsoft Trusted Root Certificate Program.

How this will affect your organization:
If your SBC certificate is not signed by a CA, you service may be impacted when this change takes effect. Unsupported certificates will not be accepted and you will lose PSTN connectivity via Direct Routing.

Note: Make sure that your SBC certificate is signed by a CA that is part of the program and that the Extended Key Usage (EKU) extension of your certificate includes Server Authentication.

Learn more:
• Program Requirements - Microsoft Trusted Root Program: https://docs.microsoft.com/en-us/security/trusted-root/program-requirements
• Included CA Certificate List: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT

You can also view this message in the Microsoft 365 admin center.
Posted Dec 01, 2021 - 10:57 UTC
This incident affected: APAC (Direct Routing), AMER (Direct Routing), and EMEA (Direct Routing).