Microphone and Audio Not Working in Browser During WebRTC Call Transfer on Azure VM (Works Locally)

Question

I am hosting a Node.js based voice calling application on an Azure Virtual Machine. The application enables call transfer from WhatsApp to a browser-based interface using WebRTC / real-time audio streaming.

The application works correctly in a local development environment. However, when deployed to an Azure VM and accessed using the public IP address over HTTP, the following issues occur during call transfer to a human agent in the browser:

• Call transfer is successful • No microphone icon appears in the browser • Microphone permission is not triggered • No audio is heard from WhatsApp to browser • No audio is sent from browser to WhatsApp

Environment details: • Backend: Node.js (Socket.IO based real-time communication) • Deployment: Azure Virtual Machine (Linux) • Access Method: Public IP over HTTP (port 19000) • Browser: Chrome (latest version) • Works correctly on localhost

What I have checked so far: • Application runs and is reachable via public IP • Socket connection is successful • Call signalling works • Issue only occurs with media (microphone and audio stream)

Questions:

1. Does Azure VM networking or firewall block WebRTC media traffic by default?
2. Is HTTPS mandatory for browser microphone and WebRTC media permissions in production?
3. Do I need to configure STUN/TURN servers when deploying WebRTC apps on Azure VM?
4. Are there specific Azure Network Security Group (NSG) rules required for WebRTC audio streaming?

Any guidance or recommended Azure configuration for WebRTC media streaming would be very helpful.

Answer 1

1. Azure VM Networking or Firewall: By default, Azure VMs do not block WebRTC media traffic, but you need to ensure that the necessary ports are open in your Azure Network Security Group (NSG) rules. WebRTC typically uses UDP for media traffic, so you should allow UDP traffic on the relevant ports.
2. HTTPS Requirement: Yes, HTTPS is mandatory for browser microphone access and WebRTC media permissions in production environments. Browsers enforce this security measure to protect user privacy, and without HTTPS, the microphone permission prompt will not appear.
3. STUN/TURN Servers: Yes, configuring STUN/TURN servers is essential when deploying WebRTC applications, especially in scenarios where clients are behind NAT or firewalls. STUN servers help clients discover their public IP addresses, while TURN servers relay media when direct peer-to-peer connections cannot be established.
4. Azure NSG Rules for WebRTC: You need to create specific NSG rules to allow traffic on the ports used by your application. Typically, you should allow inbound UDP traffic on the ports used for WebRTC media streaming, which may include ports 3478 (STUN), 5349 (TURN over TLS), and the range of ports used for RTP (media streaming).

For optimal configuration, ensure that your application is served over HTTPS, configure the necessary STUN/TURN servers, and set up your NSG rules to allow the required traffic. This should help resolve the issues you're facing with microphone permissions and audio streaming in your WebRTC application on Azure.