Exchange Unified Messaging Security Levels
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Office Communications Server uses Exchange Server 2007 Service Pack 1 (SP1) Unified Messaging (UM) to provide voice mail, call notification, and auto-attendant services. An Exchange UM dial plan supports three different security levels: Unsecured, SIPSecured, and Secured. You configure security levels by means of the UM dial plan’s VoipSecurity parameter. The following table shows appropriate dial plan security levels depending on whether MTLS, SRTP, or both are enabled or disabled.
Table 1. VoIPSecurity Values for Various Combinations of Mutual TLS and SRTP
Security Level | Mutual TLS | SRTP |
---|---|---|
Unsecured |
Disabled |
Disabled |
SIPSecured |
Enabled (required) |
Disabled |
Secured |
Enabled (required) |
Enabled (required) |
When integrating Exchange UM with Office Communications Server 2007 R2, you need to select the most appropriate dial plan security level for each voice profile. In making this selection, you should consider the following:
MTLS between Exchange UM and Office Communications Server is the default configuration. Therefore, the dial plan security level of SIPSecuredor Securedis recommended. The use of SIP dial plans with a security level of Unsecured is not supported.
Office Communicator 2005 does not support SRTP. Instead, it uses Data Encryption Standard (DES) media encryption, which is not supported by Exchange UM. If you require Exchange UM to take calls from Office Communicator 2005 clients, you need to set the UM dial plan to SIPSecured. In addition, the Office Communicator 2005 client encryption level must be set to rejected or optional.
If you set the dial plan security to SIPSecured, SRTP is disabled. In this case, the Office Communicator 2007 R2 client encryption level must be set to rejected or optional.
If you set the dial plan security to Secured, SRTP is enabled and required by Exchange UM. In this case, the Office Communicator 2007 R2 client encryption level must be set to optional or required.