Microsoft on Tuesday announced a new Teams admin policy aimed at providing organizations with increased visibility and control over external bots joining their meetings.
With AI meeting tools becoming increasingly common, the lack of proper controls creates security and privacy risks, especially when sensitive information is being shared, and the new protections are intended to eliminate that.
To ensure that only intended participants join their meetings, organizations can now assign a new ‘Manage external bots and their access to meetings’ policy to individual users or specific groups from the Teams Admin Center.
By default, Teams now detects bots and asks for explicit organizer confirmation before admitting them to a meeting. Admins also have the option to disable this feature, and Teams will not perform bot detection.
“When enabled, Teams automatically detects potential bots, places them in the meeting lobby, clearly identifies them, and prompts organizers to confirm admission. Even in meetings where organizers allow participants to bypass the lobby, bots identified through this policy will continue to require approval before joining,” Microsoft explains.
The tech giant says it also improved Teams’ ability to distinguish between bots and humans, using behavioral and infrastructure signals.
Additionally, Microsoft is providing independent software vendors (ISVs) with the means to register their bots and include a self-identification marker in join requests, so that Teams can identify them as known participants.
Detected bots are visually distinguished from other participants so that organizers can clearly see them in the meeting lobby. Participants in the lobby are now grouped into ‘Waiting’ (verified individuals and registered bots) and ‘Suspected threats’ (unregistered bots).
To prevent the accidental admission of bots into meetings, Teams does not offer a one-click Admit option for identified bots, requests confirmation when admitting bots, and warns when an organizer selects ‘Admit all’ and bots are included.
In light of the new comprehensive approach to managing external bots in meetings, Microsoft is retiring the existing CAPTCHA verification.
Related: Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack
Related: AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
Related: OpenAI Rolls Out Advanced Security for ChatGPT Accounts
Related: Google Rolls Out Cookie Theft Protections in Chrome

