Hello,

we are still an Exchange on-prem company. Our MXs are running Exchange Edge 2019. There is no hybrid in place.

Our department responsible running our PBX systems want to migrate our legacy PBX systems to Teams. During tests we ran into to following:

Teams to Teams calls going to voicemail are getting delivered to the inbox of the user.

Voicemais from phone numbers to Teams are getting blocked by Exchange Edge SenderIdAgent.

2022-05-06T09:26:48.526Z,08DA29C47ADB060A,10.10.10.22:25,104.47.2.56:6284,104.47.2.56,,noreply_skype_voicemail_1f47ba59-036a-4809-a3ee-ae162cd7a1c1@company.com,+35212222222222;,user@company.com,1,Sender Id Agent,OnEndOfHeaders,RejectMessage,550 5.7.108 SenderIdAgent; Missing purported responsible address,MissingPRA,No valid PRA,,1e88da3f-b49e-45de-4ae6-08da2f428bbf,,Incoming

After minimal research we found out that it is true that the voicemails sent from Teams have a FROM address which is not formatted in a RFC compliant manner:
Voicemail messages aren't delivered in Teams or Skype for Business client - Skype for Business | Mic...
"The primary issue that affects third-party email systems is that the FROM address is formatted for PSTN calls in a non–RFC-compliant manner."

Microsofts workaround for symptom 1
"Add the Cloud Service IP addresses listed at Office 365 URLs and IP address ranges in an SPF record."

We did that, but Edge still does not accept the messages. We doublechecked the record, it is valid.

Microsofts alternative recommendation is:
Alternatively, create a transport rule to bypass the spam filtering for Cloud Voicemail coming from them."

So my questions are:
What IP addresses do we need to whitelist on Edge?
It looks like that you have to whitelist the whole O365 universe and our company doesn't want to do that. What if another account/tenant in O365 gets compromised and starts sending spam towards our org?

What's the best way to solve this?

Thank you and have great day!