* Scenario: Voice mail traffic between the telephone system and the Exchange Server environment must be encrypted.
A: Use the EAC to configure Protected Voice Mail from authenticated callers
* In the EAC, navigate to Unified Messaging > UM dial plans. In the list view, select the UM dial plan you want to modify, and then click Edit.
* On the UM Dial Plan page, under UM Mailbox Policies, select the UM mailbox policy you want to manage, and then click Edit.
* On the UM Mailbox Policy page > Protected voice mail, under Protect voice message from authenticated callers, select one of the following options:
* Click Save.
B:
* In on-premises and hybrid deployments, you can configure a Client Access and Mailbox server to use mutual Transport Layer Security (mutual TLS) to encrypt the SIP and RTP traffic sent and received from other devices and servers. When you configure the dial plan to use SIP secured mode, only the SIP signaling traffic will be encrypted, and the RTP media channels will still use TCP, which isn't encrypted. However, when you configure the dial plan to use Secured mode, both the SIP signaling traffic and the RTP media channels are encrypted. An encrypted signaling media channel that uses Secure Realtime Transport
Protocol (SRTP) also uses mutual TLS to encrypt the VoIP data.
* When you're deploying Transport Layer Security (TLS) with UM, the certificates that are used on the Client Access server and the Mailbox server both must contain the local computer's fully qualified domain name (FQDN) in the certificate's Subject Name. To work around this issue, use a public certificate and import the certificate on all Client Access and
Mailbox servers, any VoIP gateways, IP PBXs, and all the Lync servers.