Microsoft Teams has introduced new bot protection features, rolling out in June 2026, that require human organizers to explicitly approve external bots before they can join meetings. This update aims to enhance security and privacy by preventing unintended bot access, particularly in discussions involving sensitive information, and replaces the previous CAPTCHA verification system.
Microsoft Teams Bolsters Meeting Security
Microsoft has deployed a significant update to Teams, implementing a new system to control external bots attempting to join meetings. This functionality, described as a "bouncer," ensures that only approved automated participants can enter a meeting, addressing growing concerns over security and privacy.
Addressing Unintended Bot Incursions
The need for stricter bot controls became evident as automated tools, such as transcription and note-taking bots, began joining meetings without explicit organizer consent. This often led to security and privacy risks, especially when sensitive corporate discussions, potentially under non-disclosure agreements (NDAs), were involved. Microsoft product marketing manager Meera Ajam highlighted this issue, stating, "Bots have begun joining meetings that participants never intended them to attend." The new system replaces an earlier CAPTCHA-based verification, which was retired in April 2026 to reduce user friction while modernizing bot protection. The general availability of this enhanced bot detection began rolling out in early June 2026 across various platforms. For more details on managing these settings, consult the official Microsoft Teams documentation on external bot management.
New Human Verification for Bots
The core of this new protection is a requirement for a human organizer to verify and admit a bot from the meeting lobby. Microsoft Teams now employs a combination of behavioral and infrastructure signals to accurately distinguish between human participants and bots. When a bot is detected, it is placed in the meeting lobby, clearly identified, and requires explicit approval from the organizer before it can join.
"Admitting a bot should be a deliberate decision, not something that happens by mistake." — Meera Ajam, Product Marketing Manager, Microsoft
This deliberate admission process is supported by several safeguards:
- There is no one-click "Admit" option for identified bots, preventing accidental entry.
- Organizers receive confirmation prompts when attempting to admit participants that include bots.
- Warnings are displayed if an organizer selects "Admit all" when bots are present in the lobby.
Furthermore, Microsoft is introducing a "Teams Bot Identification Program" to allow Independent Software Vendors (ISVs) to register their bots. This program will enable registered bots to carry a self-identification marker, helping Teams recognize them as legitimate, known participants.
What This Means
For professionals and developers, this update signifies a crucial step towards more secure and controlled virtual collaboration environments. IT administrators gain granular control through a new policy in the Teams Admin Center, allowing them to configure bot handling across their organization. This includes a default setting requiring approval for detected bots, with an option to disable bot detection entirely. While Microsoft's detection capabilities are robust, the company acknowledges that some bots may still evade detection, encouraging users to report any unidentified bots to further improve the system's accuracy. This collaborative approach ensures that the platform continuously adapts to evolving bot technologies, providing a more reliable and trustworthy meeting experience. For ISVs, the upcoming registration program offers a pathway to ensure their legitimate bots can seamlessly integrate into Teams meetings with proper identification.
Key Points
- Microsoft Teams now requires human organizers to approve external bots before they can join meetings, a feature rolled out in June 2026.
- The system uses behavioral and infrastructure signals to accurately detect bots and places them in a dedicated lobby.
- A new administrative policy, "Manage external bots and their access to meetings," provides IT teams with control over bot admission.
- Microsoft is launching a "Teams Bot Identification Program" for Independent Software Vendors (ISVs) to register their bots.
- This update replaces the former CAPTCHA verification system, enhancing security while streamlining the user experience.
The Bottom Line
Microsoft's latest Teams update significantly tightens control over meeting participation, ensuring that automated bots do not inadvertently access sensitive discussions. This move provides greater confidence in meeting security and privacy for organizations. Users should familiarize themselves with the new lobby interface, and administrators should review the updated policies to optimize their organization's security posture against unauthorized bot access. This ongoing evolution of security features underscores the importance of staying informed about platform changes and best practices in the dynamic landscape of digital collaboration.