What prompts this article is the recent feature enhancement from VOIP.MS namely the opportunity to 
provide encryption on the signaling and voice traffic for VOIP calls through VOIP.MS (VOIP.MS wiki article). To do this, you configure both ends of a SIP trunk for encryption. At the server end, this requires just one mouse click. But at the client end, you have to figure out how to configure the client device accordingly so that both the signaling traffic and the voice traffic will get encrypted in cooperation with the VOIP.MS server. The steps to do this would, of course, be different depending upon the particular client device being used.
This article focuses on the Cisco SPA122 Analog Telephone Adapter. (The instructions provided here would apply mutatis mutandis to the single-line SPA112 ATA.)
The SPA122 is a widely used and extremely reliable two-line VOIP telephone adapter. Until now you might have been using an SAP122 to provide one or two analog telephone lines from VOIP.MS service. Such a connection would have used UDP (not TCP and not TLS) for the SIP signaling, and thus would have been at risk of eavesdropping. Likewise such a connection would not have used SRTP for the voice traffic, and thus would have been at risk of eavesdropping for that traffic as well.
Now comes the opportunity to encrypt both the signaling traffic and the voice traffic with your VOIP.MS service. You can see configuration instructions here.