
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval.
This new feature was first announced in a March Microsoft 365 roadmap entry, when Microsoft said that it would be available across Windows, macOS, Android, and iOS platforms for worldwide standard multi-tenant and GCC cloud environments.
Once enabled, the policy will block malicious apps controlled by threat actors or third-party bots (used for note-taking, transcription, or other automated tasks) from joining Teams meetings, ensuring attendees know a non-human participant has been added.
The policy gives organizations more control and visibility over external bots in their meetings, helping them identify bots more easily and adding safeguards designed to ensure that only the intended participants and tools can join.
“The new policy in the Teams Admin Center, Manage external bots and their access to meetings, can be assigned to individual users or specific groups,” Microsoft said on Monday.
“When enabled, Teams automatically detects potential bots, places them in the meeting lobby, clearly identifies them, and prompts organizers to confirm admission. Even in meetings where organizers allow participants to bypass the lobby, bots identified through this policy will continue to require approval before joining.”

Microsoft is also planning to add more admin controls, including allow lists for approved bots, policies to block external bots entirely, admin reports and audit logs on the detection and presence of bots, and more granular controls aligned to different security requirements.
Starting in December, admins can block external Teams users via the Defender portal to prevent cybercrime gangs (including ransomware groups) from abusing the platform in social engineering attacks targeting employees.
Teams also added new fraud-protection features for calls in January, warning users about external callers impersonating trusted organizations in social-engineering attacks.
The same month, Microsoft announced that Teams would get a call reporting feature by mid-March, allowing users to flag unwanted or suspicious calls as potential phishing or scam attempts.
More recently, in April, Microsoft warned that attackers are increasingly abusing external Teams collaboration for access and lateral movement on enterprise networks, impersonating IT or helpdesk staff to contact employees via cross-tenant chats and trick them into granting remote access to steal data.


