Microsoft has introduced a new feature in its popular Teams communication platform that aims to prevent malicious third-party bots from joining meetings without approval. This move comes as part of Microsoft’s ongoing effort to enhance security and protect users from social engineering attacks.
The new policy, which can be assigned to individual users or groups, allows organizers to block external bots from joining meetings. Once enabled, Teams will automatically detect potential bots and place them in the meeting lobby, clearly identifying them as non-human participants. Organizers are then prompted to confirm admission, adding an extra layer of control and visibility over external bots.
This development is significant because it addresses a growing concern for organizations: the misuse of Teams meetings by threat actors. In recent months, Microsoft has warned about the increasing abuse of external Teams collaboration for access and lateral movement on enterprise networks. Attackers have been impersonating IT or helpdesk staff to contact employees via cross-tenant chats and trick them into granting remote access to steal sensitive data.
The new policy complements other security features introduced by Microsoft in recent months, including fraud-protection features for calls and a call reporting feature that allows users to flag unwanted or suspicious calls. These measures demonstrate Microsoft’s commitment to ensuring the security of its platforms and protecting users from social engineering attacks.
Microsoft also plans to add further admin controls, including allow lists for approved bots, policies to block external bots entirely, and more granular controls aligned to different security requirements. These features will give organizations greater control over their Teams meetings and help them identify potential threats more easily.
For users, the new policy means that they can be more confident in the security of their Teams meetings. However, it’s essential for organizations to stay vigilant and test every layer of their defenses regularly. A recent report found that 54% of successful attacks are identified by security teams, but only 14% are alerted on. The rest often go undetected until it’s too late.
To stay ahead of threats, users should ensure they’re using the latest features and tools available to them. In this case, enabling the new policy in Teams will provide an additional layer of protection against malicious bots and social engineering attacks.
Source: Bleeping Computer — 2026-06-30