Advancing trusted calls with Open Verifiable Calling at Microsoft

Every second of every day, someone somewhere is receiving a call labeled “spam.” This persistent issue leads many people to not pick up the phone unless they recognize the number, even if the person calling is a legitimate contact.

Research shows that 75% of consumers ignore calls from unknown numbers, and 92% assume unidentified calls are fraudulent. Meanwhile, phone-based fraud costs businesses more than $1 trillion a year globally, according to the 2024 Global State of Scams Report.

At Microsoft, we saw this issue directly affect our contact center, when our customers didn’t understand that our team was reaching out to address a ticket or follow up on a business need. In turn, some customers would complain that they never received a call back from our team.

“In the past, we were mitigating a lot of things, but now we have a fool-proof plan of how we’ll execute this solution and fix the issue once and for all.”

Annie Drago, senior software engineer, Commercial Engineering and AI

At first, we would contact our phone carriers in the region to ensure our calls were recognized, but this was difficult to implement across all the markets we operate in (more than 100 countries and regions total). So, our team in Commercial Engineering and AI (CEAI)—the engineering organization behind the company’s commercial business—set out to find a globally applicable solution.

Our Support Experience Group within CEAI recently launched a caller ID program in partnership with the Open Verifiable Calling (OVC) Alliance, run by the Global System for Mobile Communications Association (GSMA) Foundry. This framework assigns a verified identity to every call we initiate, no matter where the agent or customer is located—helping us to improve response rates and build trust with our clients.

“In the past, we were mitigating a lot of things,” says Annie Drago, a senior software engineer in CEAI. “But now we have a fool-proof plan of how we’ll execute this solution and fix the issue once and for all.”

Finding a global solution to a local problem

Not long ago, we moved our contact center in-house, using Microsoft Azure Communications Services (ACS). While this was happening, our team noticed that many of their calls to customers were getting marked as spam or blocked because of specific country regulations primarily due to the fact that ACS is a cloud-based solution and not on-premises.

For example, a country might automatically block or mark as spam any call from an international number. Cloud telephony can also make domestic numbers look foreign to carriers, further incentivizing them to mark the call as spam.

“Every country has their own telecom administration,” says Peter Nilsson, a principal engineering leader in CEAI focused on contact center solutions. “Many of them are tightening the noose around phone calls coming into their country.”

Our calling patterns have also changed, making verified calling that much more important.

“We’re doing a lot more outbound calls today than we were in the past,” Drago says. “For the sales line of businesses specifically, when a sales agent makes a call to a customer, it’s very important that a local caller ID is shown, so the chances of them accepting the call are higher.”

As a first step toward getting customers to understand it was Microsoft on the other end of the call, we partnered with telecom carriers in each region to verify the numbers we use there. The carrier could then ensure that the calls from these numbers are handed off to the customer without being flagged as spam or blocked.

“Our objective is to bring in a standard framework for verified calling that could be deployed internationally, instead of having piecemeal, country-by-country standards. It’s very hard to build a solution or technically design anything when you have to take every country into account individually.”

Elaine McNeill, senior tech solutions manager, CEAI

While effective enough for existing markets, this solution wasn’t sustainable, as it required around 40 different pipelines. On top of this, it couldn’t set us up for success long-term when we wanted to enter new markets.

It was at this stage, where we had set up verified calling with each individual carrier but still lacked a simplified, universal approach, that we came across the OVC Alliance.

“Our objective is to bring in a standard framework for verified calling that could be deployed internationally, instead of having piecemeal, country-by-country standards,” says Elaine McNeill, a senior tech solutions manager in CEAI. “It’s very hard to build a solution or technically design anything when you have to take every country into account individually. We’re at the forefront and will be one of the first users of the service.”

Standardizing verified calling across regions

Each call from our contact center now passes a set of credentials to prove the authentic origin of the call. These credentials stipulate that:

• Microsoft has the right to the telephone number that is being displayed.
• Microsoft Corporation is the actual legal entity responsible for the call, using a globally unique legal identifier.
• Microsoft has the right to use the brand that is being displayed.

These credentials were issued directly to us, granting us full control over how they’re communicated. They can also be used across multiple communications as a platform service (CPaaS) platforms, meaning you only need to vet a number once for it to work in multiple countries or for multiple carriers.

The signing service Provenant, our Verifiable Voice Protocol (VVP) partner on the project, controls this verification process.

“Provenant will say, ‘Okay, everything looks good. This is the right ID. This is with Microsoft. Microsoft owns the number,’” Drago says. “Then they send that information in the identity header back to us, and we send it back to the carrier.” From there, the terminating carrier delivers the call to the end party.

Avoiding dropped calls

To ensure that every Microsoft call reaches its desired customer, we had to collect a database of numbers to be validated and certified.

“If I don’t send them that information beforehand, any extra number will be rejected automatically,” Drago says. “With Provenant, we can manually certify our numbers through our own back-end sign-in.”

Another big challenge to standardizing verified calling is ensuring there’s a thorough, consistent, and region-specific vetting process. OVC’s governance model includes vetting agents that verify enterprises like Microsoft in specific regions and for specific communications channels. These agents are overseen by the governance authority, which sets the standards for credentials and can revoke them at any time if enterprises don’t meet those standards.

A future of increased trust

With OVC, we have a carrier-agnostic solution that boosts our reputation on a global scale.

“It’s a business need that we had to solve. And we’ve been able to demonstrate the technology to do that with our partner and our proof-of-concept MVP trial which was showcased at MWC 2026 in Barcelona. Now the hill to climb is to get this as a globally accepted standard.”

Peter Nilsson, principal engineering leader, CEAI

In the future, we hope to not just verify calls so that they aren’t blocked or marked as spam, but also brand them with the Microsoft logo and name. When customers can see right from the get-go that it’s Microsoft on the other end, this can further increase call acceptance rates.

“It’s a business need that we had to solve, and we’ve been able to demonstrate the technology to do that with Provenant and our proof-of-concept MVP,” Nilsson says. “Now the hill to climb is to get this to be a globally accepted standard.”

For other businesses, verified calling can deliver similar acceptance rate improvements, as well as stop impersonators and bad actors from reaching customers. That’s a big factor and a motivator to keep working on this issue.

“You have the opportunity in other sectors to really reduce fraud significantly,” McNeill says.