MC1280563: 24-hour test that switches Microsoft Teams Direct Routing SIP endpoints to certificates issued by a new CA.

Home » Update » MC1280563: 24-hour test that switches Microsoft Teams Direct Routing SIP endpoints to certificates issued by a new CA.

Table of Contents

Summary
History
Microsoft Message
Introduction
When this will happen
How this affects your organization
What you can do to prepare
Compliance considerations

Summary

Microsoft Teams Direct Routing will switch to certificates from a new Certificate Authority during a validation test.
Organizations using Teams Direct Routing with SBCs for TLS connections may experience connection failures if SBCs do not trust the new Root CAs.
This may impact PSTN calling for affected tenants.
Administrators should ensure SBCs trust the required Root CAs and update certificate trust stores if necessary.
Voice administrators and helpdesk teams should be notified about this planned test.

Admin Impact: High
User Impact: Low
Release Start: 28 Apr 2024
Release End: 29 Apr 2024
Services: Teams
Category: Stay informed
Tags: Admin Action

History

4/15/2026 Item Added to Message Center

Microsoft Message

Introduction

To improve certificate lifecycle management and maintain secure connectivity for Microsoft Teams Direct Routing, Microsoft will run a time-limited validation test that transitions Teams Direct Routing SIP endpoints to certificates issued by a new Certificate Authority (CA). This test helps ensure customers are prepared for future certificate changes and reduces the risk of unexpected service disruption.

When this will happen

Start: April 28 at 9:00 AM UTC
Duration: 24 hours

How this affects your organization

Who is affected

Organizations using Microsoft Teams Direct Routing with Session Border Controllers (SBCs) configured for TLS connections to Teams SIP endpoints.

What will happen

During the 24-hour test, Teams Direct Routing SIP endpoints will gradually switch to certificates issued by a new CA.
If your SBC does not trust the previously communicated Root CAs, TLS connections to Teams SIP endpoints may fail during the test window.
TLS connection failures could impact PSTN calling for your tenant.

What you can do to prepare

Verify that your SBC trusts the previously communicated Root CAs required for Teams Direct Routing.
Update SBC certificate trust stores if needed.
Review the What’s new for Direct Routing documentation for required Root CAs.
Notify voice administrators and helpdesk teams of this planned test.

Compliance considerations

Encryption methods or key management: Yes – The test involves certificates issued by a new CA, affecting TLS certificate trust for Direct Routing.