Microsoft adds smarter bot protection to Teams meetings

In a major boost to Teams meeting security, Microsoft has rolled out a new policy that prevents malicious third-party bots from joining meetings without approval. This feature, which was first announced in March as part of the Microsoft 365 roadmap, is designed to give organizations more control and visibility over external bots in their meetings.

The new policy, called “Manage external bots and their access to meetings,” allows Teams administrators to block suspicious apps controlled by threat actors or third-party bots from joining meetings. Once enabled, the policy will automatically detect potential bots, place them in a meeting lobby, clearly identify them, and prompt organizers to confirm admission. Even if attendees are allowed to bypass the lobby, bots identified through this policy will require approval before joining.

This development is significant because it addresses a growing concern for Teams users: the increasing number of attacks that involve malicious bots impersonating human participants or IT staff to gain access to sensitive information. In recent months, Microsoft has highlighted several instances of attackers exploiting Teams’ collaboration features to steal data and disrupt operations. By giving administrators more control over external bots in meetings, Microsoft is taking a crucial step towards preventing these types of attacks.

The new policy is part of a broader effort by Microsoft to enhance security in Teams meetings. Last month, the company introduced a feature that allows users to flag unwanted or suspicious calls as potential phishing or scam attempts. In January, Microsoft added new fraud-protection features for calls, warning users about external callers impersonating trusted organizations in social-engineering attacks.

For organizations using Teams, this development should be seen as an opportunity to re-examine their meeting security protocols and take proactive steps to prevent malicious activity. By enabling the “Manage external bots and their access to meetings” policy, administrators can reduce the risk of bot-related attacks and protect their users from potential threats.

As Microsoft continues to enhance security in Teams, it’s essential for organizations to stay vigilant and keep their security protocols up-to-date. This includes regularly monitoring meeting activity, implementing robust authentication measures, and educating users about the risks associated with malicious bots. By taking these steps, organizations can minimize the risk of bot-related attacks and maintain a secure collaboration environment.


Source: Bleeping Computer — 2026-06-30