Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft’s new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings.

Microsoft vulnerability

Microsoft on Tuesday announced a new Teams admin policy aimed at providing organizations with increased visibility and control over external bots joining their meetings.

With AI meeting tools becoming increasingly common, the lack of proper controls creates security and privacy risks, especially when sensitive information is being shared, and the new protections are intended to eliminate that.

To ensure that only intended participants join their meetings, organizations can now assign a new ‘Manage external bots and their access to meetings’ policy to individual users or specific groups from the Teams Admin Center.

By default, Teams now detects bots and asks for explicit organizer confirmation before admitting them to a meeting. Admins also have the option to disable this feature, and Teams will not perform bot detection.

“When enabled, Teams automatically detects potential bots, places them in the meeting lobby, clearly identifies them, and prompts organizers to confirm admission. Even in meetings where organizers allow participants to bypass the lobby, bots identified through this policy will continue to require approval before joining,” Microsoft explains.

The tech giant says it also improved Teams’ ability to distinguish between bots and humans, using behavioral and infrastructure signals.

Advertisement. Scroll to continue reading.

Additionally, Microsoft is providing independent software vendors (ISVs) with the means to register their bots and include a self-identification marker in join requests, so that Teams can identify them as known participants.

Detected bots are visually distinguished from other participants so that organizers can clearly see them in the meeting lobby. Participants in the lobby are now grouped into ‘Waiting’ (verified individuals and registered bots) and ‘Suspected threats’ (unregistered bots).

To prevent the accidental admission of bots into meetings, Teams does not offer a one-click Admit option for identified bots, requests confirmation when admitting bots, and warns when an organizer selects ‘Admit all’ and bots are included.

In light of the new comprehensive approach to managing external bots in meetings, Microsoft is retiring the existing CAPTCHA verification.

Related: Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Related: AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link

Related: OpenAI Rolls Out Advanced Security for ChatGPT Accounts

Related: Google Rolls Out Cookie Theft Protections in Chrome

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.