
Microsoft is tightening up meeting security in Microsoft Teams with a new bot protection experience that gives admins and organizers much more control over who—and what—joins their calls. It’s rolling out now and will eventually replace the older CAPTCHA‑style verification that many organizations had configured in their meeting policies.
Microsoft wants fewer “surprise” bots in your meetings
AI note‑taking and meeting assistants have gone from novelty to normal in just a couple of years, but they’ve brought a new headache with them: bots that keep showing up in meetings you never meant them to attend. If you’ve ever connected a third‑party service once and then watched its bot mysteriously join future calls on autopilot, you already know the problem Microsoft is trying to solve.
In a new post on the Microsoft Tech Community introducing “smarter bot protection in Microsoft Teams meetings,” Microsoft explains that unexpected bot participants aren’t just annoying—they’re a potential security and privacy risk, especially when teams are discussing sensitive topics. Organizations need confidence that only the right people and tools are present in their conversations, and this new experience is meant to deliver exactly that.
A new admin policy: “Manage external bots and their access to meetings”
At the heart of the update is a new policy in the Teams admin center called Manage external bots and their access to meetings. Admins can assign this policy to individual users or groups, giving them fine‑grained control over how external bots are handled for different parts of the organization.
The policy has two settings:
When detected, require approval before joining (default) – Teams detects bots, places them in the lobby, clearly labels them, and requires the meeting organizer to explicitly approve them before they’re allowed in.
Do not detect bots – Turns off the experience, leaving bot handling to existing meeting rules.

Do not detect bots
Even if organizers configure their meetings so that participants can bypass the lobby, bots flagged by this policy will still be forced into the lobby and require manual approval. Microsoft also recommends setting “Who can admit from lobby” to organizers and co‑organizers only so that no unintended participant can let a suspicious bot in by mistake.
Smarter Microsoft Teams bot detection using signals and registration
To make all of this work, Microsoft has improved how Teams tells bots apart from real people. The service now uses a mix of behavioral and infrastructure signals when participants attempt to join, boosting its ability to recognize non‑human attendees.
On top of that, Microsoft is introducing a new Teams Bot Identification Program for independent software vendors (ISVs) that build meeting experiences on Teams. Bot providers will be able to register their solutions with Microsoft and add a self‑identification marker to their join requests. When Teams sees that marker, it can treat the bot as a known entity rather than a mystery guest, giving admins and organizers clearer information about who’s trying to join.

Microsoft is currently previewing this registration flow with a limited set of ISVs to validate the experience before rolling it out more broadly, and it plans to publish more details about the process as the program matures.
Clearer visibility in the lobby: “waiting” vs “suspected threats”
Once bots are detected, they’re no longer buried in a long list of names in the lobby. Instead, Teams now visually distinguishes them and groups lobby participants into two high‑level categories:
Waiting – Verified or standard participants and registered bots.
Suspected threats – Unregistered or system‑identified bots that might pose a risk.
This makes it much easier for organizers to scan the lobby and immediately see who’s waiting and which entries might need a closer look. Rather than hunting through a flat list of attendees, they can focus on the “suspected threats” group when making admission decisions, which should reduce the chance of quietly letting in a bot that shouldn’t be there.

Extra safeguards to prevent accidental bot admissions
Microsoft is also adding friction around the actual decision to admit bots from the lobby. The goal is simple: admitting a bot should always be a deliberate choice, not something that happens because someone clicked the wrong button.
Key safeguards include:
No one‑click Admit option for identified bots, so you can’t accidentally let them in with a casual click.
Confirmation prompts when admitting participants that include bots, reminding organizers that they’re about to grant access to a non‑human attendee.
Warnings when organizers use “Admit all” and bots are part of the group being admitted.
These prompts and warnings are designed to catch the “fast click” scenarios where organizers are just trying to get the meeting started and might otherwise overlook the bot in the lobby list.

Retiring CAPTCHA and rolling out the new experience
As this new capability rolls out, Microsoft is beginning to retire the existing CAPTCHA‑based verification experience that previously helped confirm certain meeting joiners. The company says the new bot detection and lobby‑based controls provide a more comprehensive way to manage external bots than the older CAPTCHA flow ever could.
The rollout starts in June and continues as the bot identification and policy features light up across tenants. Admins should expect to see the Manage external bots and their access to meetings policy surface in the Teams admin center and start planning how they want it configured for different user groups.
What’s coming next: allow lists, blocks, and audit logs
Microsoft stresses that this is “just the beginning” of its work to give organizations more transparency and control over bot participation in meetings. The company is already exploring several future enhancements, including:
Allow lists for approved bots that admins explicitly trust.
Organization‑wide policies to block external bots altogether for high‑security environments.
Admin reports and audit logs that show when bots were detected, present, and admitted during meetings.
More granular controls aligned to different security requirements across departments or industries.
As AI continues to change how teams collaborate—especially around note‑taking, transcription, and real‑time insights—Microsoft’s message is that transparency and control must evolve alongside those experiences. With this new bot protection framework in Teams, the company is betting that customers can embrace AI‑powered meeting tools with more confidence, knowing they retain clear visibility into who’s joining their calls and the power to keep unwanted bots out.
RELATED POSTS YOU MIGHT LIKE
- Big Microsoft 365 Price Hike Kicks In Today: What It Really Means For Your Business
- Exciting XBOX Indie Selects July 2026: 5 Must-Play Indie Games to Heat Up Your Fun Summer
- How to Join the New Windows Insider Program (and Switch Channels) on Windows 11
About The Author
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.




