Digital certificates are required to allow for encryption in the communications between an environment’s on-site telephony infrastructure and Exchange Online’s UM component (establishing MTLS). Self-signed certificates are not supported for Office 365. In fact, at this time the only root Certificate Authority (CA) that is loaded on the Office 365 session border controllers (SBC) is issued by GTE CyberTrust Global Root. Therefore, the certificate that you load on any SBC that will communicate with Exchange Online UM must also be issued by this CA. Such certificates can be obtained from Verizon Security Services. Microsoft plans to expand the list of supported CAs in the future, but any plans for Exchange Online UM should include this specific CA for certificate planning at this time.
Exchange Online UM Supported Certificates