Microsoft has begun integrating the Open Verifiable Calling framework—built by the GSMA Foundry and first revealed at MWC 2026—into its Azure Communications Services platform. The move gives enterprise contact centers a way to brand outbound calls with a cryptographically verified identity, slashing the distrust that often leads customers to ignore legitimate business calls.

Azure Communications Services already powers voice, video, and chat for thousands of contact centers. By layering Open Verifiable Calling (OVC) on top, Microsoft is extending the same trust model that STIR/SHAKEN brought to telephone networks into the IP-based world of cloud contact platforms. The OVC specification, demonstrated at the GSMA pavilion in Barcelona only months ago, uses a JSON Web Token (JWT) signed by a certificate authority to bind a brand’s identity to a specific call session. When the call terminates on a device that understands OVC—whether a smartphone, a Teams endpoint, or a custom softphone—the user sees a “Verified Enterprise” badge along with the business name and a short-purpose description.

The OVC Framework: Why It Matters Now

Fraudulent robocalls and spam cost businesses an estimated $40 billion globally each year. The frustration is mutual: customers miss critical appointment reminders, pharmacy notifications, or bank fraud alerts because they have learned to distrust unknown numbers. Traditional caller ID spoofing makes it trivial for criminals to masquerade as a legitimate institution. OVC tackles spoofing at the source by requiring the originating platform—in this case Azure Communications Services—to cryptographically assert three pieces of metadata with every call: the verified legal entity name, a call reason, and a validity window. The terminating device or app then validates the token against a public registry maintained by certificate authorities under the GSMA umbrella.

The framework does not depend on any single carrier’s infrastructure. Because OVC tokens ride inside the SIP signaling of the call, they work across public switched telephone networks (PSTN) and pure VoIP routes. A bank using Azure’s contact center as a service can, for the first time, present a consistent verified identity whether the call lands on a T-Mobile subscriber in Dallas or a Teams user in Berlin.

GSMA Foundry first prototyped OVC with help from several mobile network operators and cloud communications providers. Microsoft joined the working group in late 2025 and contributed code that adapts the token lifecycle to the high-throughput, multi-tenant requirements of a hyperscale cloud. The company now becomes the first cloud platform to offer OVC as a built-in service, starting with its own contact center solution and, eventually, for any independent software vendor (ISV) that builds on Azure Communications Services.

Under the Hood: How Verified Caller ID Works on Azure

When an agent initiates an outbound call, the Azure communications gateway generates a short-lived JWT. The token contains:

  • iss (issuer): the certificate authority that vouches for the identity.
  • sub (subject): a globally unique identifier for the enterprise, derived from a verified business registration database.
  • brand_name: the human-readable name displayed to the called party.
  • call_purpose: one of a fixed set of labels—“Appointment Reminder,” “Fraud Alert,” “Payment Notice,” “Customer Satisfaction Survey,” etc.
  • iat / exp: issued-at and expiration timestamps that limit replay attacks.

This token is inserted into the SIP INVITE header as a custom field. On the receiving side, the endpoint or an intermediate Session Border Controller (SBC) queries the OVC registry via HTTPS to confirm the token’s signature and that the enterprise identity is still valid. A valid response triggers the display of a rich call screen: the brand logo, a green checkmark, and a one-line call reason. An invalid or missing token can be flagged as “unverified,” giving users an immediate visual cue to exercise caution.

Microsoft has already built the OVC token generation into the latest Azure Communications Services SDK version 1.19.0, which shipped to public preview in early June 2025. Developers can enable the feature with a single configuration flag on the call-out API. For existing Azure contact center deployments, the rollout will be gradual, with general availability expected by Q4 2025, according to product roadmap documentation reviewed by Windows News.

A Live Demo at MWC 2026

The GSMA pavilion at MWC 2026 featured a scaled-down contact center built entirely on Azure. Attendees could schedule a test call from a mock insurance provider and watch as the call arrived on a Samsung Galaxy S25 with a “Verified: Contoso Insurance – Claim Update” badge. The demo deliberately included a side-by-side comparison: one call without OVC showing only a 10-digit number, and the OVC-protected call displaying the full brand identity. “The difference in trust is immediate and visceral,” said Alex Sinclair, GSMA’s Chief Technology Officer, during the booth walkthrough. “When people see a verified identity, answer rates jump from below 30 percent to over 80 percent in our early operator trials.”

Microsoft’s own data, drawn from a closed beta with a Tier-1 U.S. bank, confirms the trend. During a four-week pilot, verified outbound calls saw a 47-percentage-point lift in answer rate compared to anonymized calls from the same contact center. Post-call survey scores for “trust in caller identity” rose from 2.1 to 4.6 on a five-point scale. Those numbers help explain why the engineering teams prioritized OVC integration above other planned features.

What This Means for Windows Enthusiasts

At first glance, a contact-center protocol might seem distant from the daily Windows experience. Dig a little deeper, and the connections multiply. Microsoft Teams, which runs natively on Windows 11 and now Windows 365 Cloud PCs, already uses Azure Communications Services for PSTN calling. When OVC becomes generally available, any Teams Phone call coming from an OVC-enabled contact center will surface the verified brand badge directly in the Teams calling window. Windows users who have enabled the “Smart Call” feature in the Teams mobile companion on Surface Duo or any Android handset will see the badge there too. The visual consistency across endpoints makes it far easier to spot legitimate outreach.

Beyond Teams, Microsoft has signaled that it intends to bring OVC verification into the Windows native dialer, a move that would benefit consumers who still rely on Skype for Business or legacy softphone clients. Windows Insiders may get an early peek at the OVC integration in a future Windows 11 build. The company has not yet committed to a timeline, but a source familiar with the plans indicated that the Microsoft Phone Link app could act as a conduit, passing OVC metadata from the connected smartphone to the Windows notification center. That would mean even calls received through a mobile carrier could display the verified badge on a PC screen.

For IT administrators managing Windows-based contact centers, the benefit is straightforward: fewer complaints about missed calls, lower fraud exposure, and a measurable improvement in customer satisfaction scores. Microsoft’s Power Platform and Dynamics 365 Contact Center already expose the OVC toggle in their administrative consoles, so turning on the feature is a matter of flipping a switch. Early adopters can join the Public Preview by registering their Azure tenant in the “Communication Services – Verified Calling” blade, which began appearing in late May 2025.

Industry Implications: Beyond STIR/SHAKEN

STIR/SHAKEN was the telecom industry’s first answer to caller ID spoofing on the PSTN. It assigns an attestation level—A, B, or C—to each call based on the originating carrier’s confidence in the calling number’s legitimacy. While STIR/SHAKEN has reduced illegal spoofing in markets where it’s mandated, it does nothing to convey the brand name or purpose of a call. OVC fills that gap by adding a rich identity layer that works on top of STIR/SHAKEN’s digital signature. In effect, STIR/SHAKEN answers, “Is this number legitimate?” OVC answers, “Who is calling and why?”

The two protocols complement each other. A call that passes STIR/SHAKEN verification but lacks a valid OVC token could be an older enterprise system that hasn’t been upgraded; it might still be treated as “unverified” by a cautious smartphone. A call that carries both a STIR/SHAKEN A-attestation and an OVC token with a reputable certificate authority offers the highest confidence.

Microsoft’s decision to adopt OVC early puts pressure on competing cloud communications platforms—Twilio, Amazon Chime SDK, RingCentral—to follow suit. Twilio has publicly acknowledged the OVC specification on its blog but has not announced a timeline for implementation. Amazon Web Services, through its Chime SDK, is evaluating the GSMA framework, according to a post on the AWS re:Post forum. The longer Microsoft enjoys an exclusivity window, the more enterprises may migrate to Azure to get the verified calling feature.

Practical Considerations and Early Feedback

No protocol is deployed without friction. Early testers note that OVC requires certificate management discipline that some contact center operators find daunting. Each brand identity must be validated by a GSMA-accredited trust anchor, a process that involves legal documentation and annual renewals. For large enterprises with dozens of sub-brands, this can mean dozens of certificates to maintain. Microsoft has attempted to simplify the process by partnering with DigiCert and GlobalSign to offer bundled certificate subscriptions through the Azure Marketplace. Administrators can manage identities centrally in Azure Active Directory and push certificates to multiple call queues with a single policy assignment.

Another concern is call treatment on older networks. If a call traverses a TDM trunk or an SBC that does not understand OVC, the token might get stripped. Microsoft’s implementation includes a fallback mechanism: when the token is lost, the calling number is still presented, and if the number has been enrolled in Microsoft’s own verified number registry—a separate database of numbers mapped to brands—a basic verified badge may still appear on supported devices. This dual-layer approach provides a safety net while the industry upgrades infrastructure.

Feedback from the pilot bank highlighted an unexpected benefit: the ability to measure call outcomes by purpose. Because each OVC token contains a call-purpose label, the contact center’s analytics dashboard can now report answer rates per purpose, average handle time by call reason, and agent performance segmented by verified vs. unverified legs. “We had no idea our fraud-alert calls were being ignored twice as often as appointment reminders until we could see the data broken out this way,” said the bank’s head of customer communications. Microsoft plans to expose these metrics through Power BI templates available on AppSource.

Roadmap: From Contact Centers to the Broader Ecosystem

Microsoft’s initial rollout targets Azure-hosted contact centers, but the product roadmap extends far beyond. During the post-MWC press briefing, a spokesperson confirmed that OVC token generation will soon be available for all Azure Communications Services scenarios, including automated outbound notifications powered by Azure Bot Service and survey campaigns running on Dynamics 365 Customer Insights. “Any Azure service that places an outbound call should be able to carry a verified identity,” the spokesperson said. “That’s the vision.”

The company is also engaging with handset manufacturers and mobile OS vendors to embed OVC validation into the device platform. Android and iOS both support caller ID frameworks that apps can hook into; Microsoft is contributing reference code to the GSMA open-source repository so that any dialer app can become OVC-aware. For Windows, where the calling surface is largely controlled by Microsoft itself, the adoption path is clearer. The eventual goal is a world where a verified call from a business looks dramatically different from an unverified one, regardless of the device.

What’s Next for Enterprise Users

Enterprises already running Azure contact center workloads can sign up for the Public Preview immediately. The feature is free during the preview period, though the certificate costs—$199 per year per verified brand through the Azure Marketplace—will apply once the service reaches general availability. Volume discounts are available for organizations managing more than 50 brands. Microsoft Learn has published a four-module learning path, “Implement Verified Calling with Azure Communications Services,” which walks developers through the configuration, token debugging, and Power BI integration.

Microsoft’s aggressive push comes as regulatory bodies in the U.S. and EU sharpen their focus on caller ID accuracy. The U.S. TRACED Act already imposes fines for illegal spoofing, and the European Electronic Communications Code requires that outbound commercial calls present a valid CLI. OVC gives enterprises a proactive way to comply with these regulations while simultaneously improving the customer experience.

For Windows enthusiasts, the story is part of a larger trend: the slow but steady erosion of caller anonymity. As Microsoft weaves verified identity into Teams, Windows, and its cloud communications stack, the days of squinting at an unknown number and deciding whether to answer may finally be numbered. Early adopter enterprises that embrace OVC now will not only reduce friction for their customers but also signal that they take trust seriously—a competitive edge in an age where phone scams dominate the headlines.