Microsoft has introduced an innovative bot protection feature in Microsoft Teams, offering IT administrators and meeting organizers enhanced control over external bots attempting to join meetings. This development addresses rising privacy and security concerns related to AI-driven meeting tools.
Addressing Unintended Bot Participation
As AI-based note-taking bots become commonplace in professional settings, an issue has arisen where these bots join meetings without participant consent. Users leveraging third-party services have reported that related bots might continue to automatically join future sessions, posing surveillance risks during sensitive discussions.
In addition to this update, Microsoft has launched a new presence feature within Teams that refreshes a user’s work location when they connect to their organization’s Wi-Fi.
New Administrative Controls
A new policy titled “Manage external bots and their access to meetings” is now available in the Teams Admin Center, allowing for detailed configuration by user or group. Administrators can choose between two settings:
- Require approval: Bots are detected and placed in a meeting lobby, needing organizer approval before joining.
- Do not detect: Turns off the detection feature entirely.
Bot detection is automatically enabled for all users, providing basic protection without additional setup. Microsoft has improved its ability to distinguish bots from human attendees using behavioral and infrastructure signals.
Efficient Bot Identification and Management
Microsoft is implementing a Teams Bot Identification Program, a system for Independent Software Vendors (ISVs) to register their bots. Registered bots include a self-identification marker recognized by Teams, classifying them as verified participants.
When this policy is active, bots are placed in a meeting lobby, categorized into verified participants and potential threats. This segmentation allows organizers to effectively manage who joins the meeting and mitigate risks.
Additionally, Microsoft has introduced measures to prevent accidental bot admissions. Organizers encounter confirmation prompts when admitting bots, and warnings appear if selecting ‘Admit All’ with bots in the queue. This feature also signifies the phase-out of the existing CAPTCHA system by August 2026.
Microsoft plans to expand the bot management ecosystem with future capabilities such as allow lists for pre-approved bots, organization-wide policies to block external bots, audit logs, and varied security controls. The feature became globally available in June 2026, with GCC environments included in the rollout.
For enhanced security, Microsoft advises setting the meeting option “Who can admit from lobby” to organizers and co-organizers only, preventing unintended bot admissions.
