Configure the VoIP security setting in Exchange Server

Applies to: Exchange Server 2013, Exchange Server 2016

You can enable Voice over IP (VoIP) security for a Unified Messaging (UM) dial plan. By default, when a UM dial plan is created, it will use Unsecured mode or no encryption. Exchange servers can answer calls for single or multiple UM dial plans and can answer calls for dial plans that have different VoIP security settings.

When you configure a UM dial plan to use Session Initiation Protocol (SIP) secured or Secured mode, the Exchange servers that answer calls for the UM dial plan will encrypt the SIP signaling traffic (for SIP secured mode) or both the Realtime Transport Protocol (RTP) media channels and the SIP signaling traffic (for Secured mode).

Important

For on-premises and hybrid deployments, when you configure the SipTCPListeningPort, SipTLSListeningPort, or the UMStartUpMode on a Client Access server running the Microsoft Exchange Unified Messaging Call Router service or a Mailbox server running the Microsoft Exchange Unified Messaging service, you will need to configure the Windows Firewall rules correctly to allow SIP and RTP network traffic.

For additional management tasks related to UM dial plans, see UM dial plan procedures in Exchange Server.

What do you need to know before you begin?

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.

Use the EAC to configure VoIP security on a UM dial plan

  1. In the EAC, navigate to Unified Messaging > UM Dial Plans, select the UM dial plan on which you want to change the VoIP security, and then click Edit Edit icon..

  2. On the UM Dial Plan page, click Configure.

  3. In General, under VoIP security mode, select one of the following options:

    • SIP secured

    • Unsecured (default)

    • Secured

  4. Click Save.

Use the Shell to configure VoIP security on a UM dial plan

This example configures a UM dial plan named MySecureDialPlan to encrypt both SIP and RTP traffic.

Set-UMDialPlan -identity MySecureDialPlan -VoIPSecurity Secured

This example configures a UM dial plan named MySecureDialPlan to encrypt SIP but not encrypt RTP traffic.

Set-UMDialPlan -identity MySecureDialPlan -VoIPSecurity SIPsecured

This example configures a UM dial plan named MySecureDialPlan to not encrypt SIP and RTP traffic.

Set-UMDialPlan -identity MySecureDialPlan -VoIPSecurity Unsecured