Microsoft Teams Blocks Uninvited Bots From Meetings
Key Takeaways Microsoft Teams has introduced new bot protection features to prevent unauthorized AI bots from joining meetings. The update provides IT administrators with granular control over...
Key Takeaways
- Microsoft Teams has introduced new bot protection features to prevent unauthorized AI bots from joining meetings.
- The update provides IT administrators with granular control over external bots via a new policy in the Teams Admin Center.
- Bots are now placed in a segregated lobby and require explicit approval from meeting organizers to join.
- This enhancement addresses growing privacy concerns related to AI-powered meeting tools and uninvited surveillance.
Microsoft Teams Enhances Security, Blocks Uninvited AI Bots from Meetings
Microsoft has rolled out a significant update to its Teams platform, introducing advanced bot protection capabilities designed to give IT administrators and meeting organizers tighter control over third-party bots attempting to access meetings. This initiative directly addresses increasing privacy and security concerns surrounding the proliferation of AI-powered meeting tools.
Table Of Content
The integration of AI note-taking bots and similar services into daily workflows has inadvertently created a new security challenge: bots autonomously joining meetings without the explicit knowledge or consent of participants. Users have reported instances where bots linked to third-party services continue to automatically attend subsequent meetings, raising substantial surveillance risks, particularly when sensitive or confidential information is being discussed.
This security enhancement follows a recent update where Microsoft Teams introduced a workplace presence feature that automatically updates a user’s work location based on their Wi-Fi network connection.
New Admin Policy in Teams Admin Center
A core component of this new protection framework is the introduction of a dedicated administrative policy, “Manage external bots and their access to meetings,” now accessible within the Teams Admin Center. This policy offers IT administrators granular control, allowing them to assign it to individual users or specific groups. Administrators can configure the policy with two primary options:
- When detected, require approval before joining (default): This setting ensures that Microsoft Teams identifies incoming bots, routes them to the meeting lobby, and mandates explicit confirmation from the meeting organizer before they are granted admission.
- Do not detect bots: This option completely disables the bot detection mechanism.
By default, bot detection is enabled for all tenants, providing organizations with immediate, baseline protection without requiring any manual configuration. Microsoft has enhanced Teams’ ability to distinguish between bots and human participants by leveraging a combination of behavioral and infrastructure signals, significantly improving detection accuracy.
In parallel, Microsoft is launching a Teams Bot Identification Program, which serves as a registration pathway for Independent Software Vendors (ISVs) developing meeting experiences on the Teams platform. Registered bot providers can embed a self-identification marker in their join requests, enabling Teams to recognize and classify these bots as known, verified participants rather than potential threats.
Enhanced Lobby Experience and Admission Controls
When the new policy is active, detected bots are placed in the meeting lobby and are visually distinct from human attendees. The lobby now categorizes waiting participants into two clear groups for organizers:
- Waiting — Verified participants and registered bots
- Suspected Threats — Unregistered or system-flagged bots
This lobby segmentation allows organizers to quickly assess who is waiting to join and identify potential risks at a glance, eliminating the need to manually scrutinize a comprehensive participant list.
To prevent accidental admissions, Microsoft has also implemented deliberate friction points. There is no one-click “Admit” option for identified bots. Organizers will receive confirmation prompts when admitting participants that include bots, and warning dialogs will appear if “Admit All” is selected when bots are present in the queue.
This new bot protection framework also signals the deprecation of Teams’ existing CAPTCHA verification system, with the CAPTCHA policy slated for complete removal from the Teams Admin Center by late August 2026.
Future Enhancements and Availability
Microsoft has indicated its commitment to further expanding the bot management ecosystem, with upcoming capabilities expected to include:
- Allow lists for pre-approved bots
- Organization-wide policies to block all external bots
- Admin audit logs and detection reports
- Granular controls tailored to diverse security postures
The feature achieved general availability globally in early to mid-June 2026, with Government Community Cloud (GCC) environments receiving the rollout on the same timeline.
What You Should Do
- IT administrators should review the new “Manage external bots and their access to meetings” policy in the Teams Admin Center and configure it according to their organization’s security requirements.
- Ensure the default setting, “When detected, require approval before joining,” remains active for enhanced protection.
- Educate meeting organizers and co-organizers on the new lobby segmentation and the importance of reviewing “Suspected Threats” before admission.
- Microsoft recommends setting the meeting option “Who can admit from lobby” to organizers and co-organizers only to prevent unintended admissions by other participants.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.