The Point: CISOs can now block external bots system-wide and automatically route them to the meeting lobby, where the organizer must grant explicit approval – with upcoming whitelist and audit features.
Microsoft has deployed an administrator policy in the Teams Admin Center that prevents external bots from participating in meetings unless the organizer explicitly approves them. The feature is now available across all platforms and targets malicious or unauthorized automation tools.
The new policy “Manage external bots and their access to meetings” is configured in the Teams Admin Center and can be assigned to individual users or groups. Once activated, Teams automatically detects potential bots when they attempt to join and routes them to the meeting lobby. The system identifies the bot and prompts the organizer for explicit confirmation before entry is granted. This applies even in meetings where the lobby is normally bypassed.
The measure addresses a growing risk: malicious or unapproved automation could pose as note-taking or transcription tools to gain access to meeting content. Organizations with strict access controls – such as those in the financial or healthcare sectors – benefit from this central policy, which prevents individuals from accidentally allowing uncontrolled tools into meetings.
Microsoft has already announced additional features: whitelists for trusted bots, the ability to completely block external automation, and detailed audit logs and reports on detected bot activities. These extensions are intended to give CISOs more granular control and better transparency.
The feature is supported by a suite of additional Teams security updates: in December, the ability to block external users via the Defender portal was introduced. In January, protection against call impersonation was added, and since March, users can report suspicious calls to their organization. In April, Microsoft warned of a campaign in which attackers pose as IT helpdesk in Teams to exploit cross-tenant chats for remote access and data theft.
Source: www.it-daily.net · Published 1 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.