Ever wonder just who reads my blog? Microsoft obviously is. Here's a reply from one of their Program Managers and some additional details that shows why they've actually thought about the issue..
In our Office Communications Server product we use two technologies to protect all of our voice calls: TLS to protect the call signaling and SRTP to protect the voice (media) itself. We have a server we call the A/V Edge Server that allows this secure voice communications to extend beyond the enterprise’s firewall to people who may be working from home, from the road, or from a different company entirely. That server uses something called ICE to make this work through NATs and firewalls. All of these technologies (TLS, SRTP, and ICE) come from IETF standards that are available today. You can find more details in our Security Guide at: http://www.microsoft.com/downloads/details.aspx?familyid=2D1EA693-25E0-43D9-8C5C-0822EF83955A&displaylang=en
Here is a picture that might help explain (from the Security Guide on pg. 26):
There’s a ton of detail in there that might seem like an acronym soup at first.