New Admin Controls for External Bots
Microsoft has introduced a bot protection feature for Microsoft Teams, giving IT administrators and meeting organizers the ability to manage external bots that attempt to join meetings. The feature addresses growing concerns about AI powered note-taking bots that sometimes auto-join future meetings without explicit user consent, creating potential privacy risks during sensitive discussions. The new policy, called “Manage external bots and their access to meetings,” is available in the Teams Admin Center and can be applied to individual users or groups.
Detection and Lobby Segmentation
When the bot detection policy is active, Microsoft Teams uses behavioral and infrastructure signals to differentiate bots from human participants. Detected bots are placed in the meeting lobby and visually separated from verified participants. The lobby now displays two categories: “Waiting – Verified participants and registered bots” and “Suspected Threats – Unregistered or system-flagged bots.” This segmentation helps organizers quickly identify potential risks without manually scanning the full participant list.
Verification and Upcoming Features
Registered bot providers can join a Teams Bot Identification Program to embed a self-identification marker in their join requests, allowing Teams to classify them as verified participants. The update also includes friction points for organizers: no one click admit option for bots, confirmation prompts when admitting bots, and warning dialogs when selecting “Admit All” if bots are in the queue. Microsoft plans to retire the existing CAPTCHA verification system by late August 2026. Future capabilities will include allow lists for pre-approved bots, organization wide policies to block all external bots, and admin audit logs. The feature reached general availability in early to mid June 2026.
Source: Cyber Security News

