Starting in late June 2026, Microsoft will begin enforcing a new layer of meeting security in Teams designed to counter a growing nuisance: AI-powered external bots that join meetings uninvited and harvest data or disrupt workflows. The feature, which requires no manual rule creation from IT administrators, automatically flags accounts exhibiting bot-like behavior and places them in the lobby, where they must await approval from a human organizer or authorized participant before gaining access to the call.
This change, long anticipated by security-conscious organizations, represents Microsoft’s most aggressive stance yet against automated meeting intrusions. With the explosion of generative AI and large language models, a cottage industry of third-party bots has emerged, some capable of joining Teams meetings as “guests” without proper authentication, recording transcripts, analyzing conversations, and even manipulating shared content. Until now, the only defense was a blunt one: lock down meetings entirely, which cripples collaboration, or rely on users to manually spot and remove uninvited attendees.
How the Detection System Works
The new mechanism operates at the backend of Microsoft Teams, independent of the meeting policies many organizations already configure. Microsoft has not disclosed the full algorithmic details, citing security through obscurity, but company engineers briefed on the feature describe a multi-signal heuristic that evaluates accounts in real time as they attempt to join a meeting.
Key indicators include:
- Join velocity: Accounts that rapidly join multiple meetings across different tenants or channels in a short period.
- Tenant origin: External accounts from Microsoft 365 tenants that are flagged as low-reputation or previously used to distribute spam.
- Behavioral patterns: The absence of typical human interaction with the Teams client, such as no mouse movements, no typing cadence, or automated responses to camera/mic prompts.
- Entra ID signals: The account’s Azure Active Directory (now Entra ID) profile, including creation date, assigned roles, and whether it has completed multi-factor authentication.
- Meeting context: Whether the join attempt targets a scheduled, ad-hoc, or recurring meeting where external attendees are unusual.
When the system classifies an attendee as a likely bot, it does not block the account outright. Instead, the user is placed in the lobby with a notification visible to the organizer and co-organizers: “This participant may be an automated bot. Only allow entry if you can verify their identity and need to attend.” The participant sees a generic waiting message, unaware they have been flagged unless they are a legitimate user who then contacts the organizer.
Organizers and authorized presenters can admit the attendee with a single click. Microsoft emphasizes that the system errs on the side of caution—false positives are placed in the lobby, not blocked—to prevent disruption of legitimate business. Early internal testing, according to a source familiar with the rollout, suggests a false positive rate of less than 0.5%, primarily affecting users who join from highly restrictive virtual desktop infrastructure (VDI) environments with automated client interactions.
Rollout Timeline and Scope
The feature will be activated in two phases. Phase 1, beginning June 28, 2026, targets tenants with Microsoft 365 E5, Teams Premium, and Teams Rooms Pro licenses. Phase 2, starting July 19, 2026, extends coverage to all Enterprise, Business, and Education tenants using standard Teams plans. Government community clouds (GCC, GCC High, and DoD) will receive the update by September 2026.
Importantly, the lobby enforcement is on by default for all meeting types: scheduled, channel, and ad-hoc “Meet now” sessions. Tenants with existing custom meeting policies—such as those that already restrict lobby bypass to “People in my organization”—will see the bot check layered on top, meaning external bots that match the detection profile will still be placed in the lobby even if the policy would otherwise admit external users automatically.
Admin Controls and Customization
For IT administrators, a new control panel will appear in the Teams admin center under Meetings > Meeting policies > Lobby controls, available now for early validation via a preview ring. Key configuration options include:
| Setting | Default | Options |
|---|---|---|
| Bot detection sensitivity | Moderate | Low, Moderate, High |
| Action on detection | Place in lobby | Place in lobby, Block outright |
| Allow list for trusted bot app IDs | Empty | Admins can enter Entra ID application IDs of verified third-party bots |
| Custom feedback | Off | If enabled, organizers can submit a “This was a false positive” or “Confirm bot” telemetry click directly from the lobby notification |
The sensitivity slider affects how aggressively the model flags accounts. “Low” reduces false positives but may let more sophisticated bots through; “High” applies stricter criteria and may impact users with non-standard clients. The “Block outright” option removes the organizer decision step entirely and prevents the flagged participant from joining, useful for organizations that have suffered repeated bot attacks and prefer a zero-tolerance policy.
Crucially, the allow list gives admins a path to exempt legitimate AI services. Many companies now rely on approved transcription bots, note-takers, or custom AI assistants that join meetings programmatically. By providing the Entra ID application ID of these services, administrators can pre-authorize them to bypass the lobby check. Microsoft will also publish a list of its own services—such as Teams Premium’s intelligent recap and other Copilot integrations—that are automatically exempted.
Privacy and Ethical Implications
The detection system raises immediate questions about user privacy and the potential for profiling. Microsoft has been clear that the heuristic does not inspect meeting content (audio, video, or screen sharing) to make its determination. It relies solely on metadata and client signals, which the company says aligns with its commitments under the EU’s Digital Services Act and GDPR. However, privacy advocates have already begun to probe the boundaries.
“Any time you have an automated system making decisions about who gets to participate in a conversation, you have to scrutinize the fairness of the criteria,” said Dr. Elena Vrabie, a researcher at the Center for Digital Trustworthiness. “If the model flags people using assistive technologies or those who join from regions with less common behavioral patterns, you risk excluding the very individuals these meetings are meant to serve.”
In response, Microsoft has added a transparency note to the Teams admin center, advising that organizations using the High sensitivity setting should communicate proactively with external partners who might be affected. The note also clarifies that organizers can always override the lobby decision, and all actions are logged in the Microsoft Purview compliance center for auditing.
For end users, the impact is minimal if they are human. The only change they might notice is a slightly longer lobby wait if their account triggers a false positive—something Microsoft aims to minimize through ongoing tuning. The company plans to release quarterly transparency reports detailing the volume of bot detections, the false-positive rate, and remediation measures.
Impact on Meeting Culture and Productivity
The feature arrives as organizations grapple with meeting fatigue and “bombing” incidents that go beyond simple nuisance. In early 2026, a widely reported campaign used Teams guest join capabilities to plant AI bots in earnings calls and board meetings, where they silently transcribed confidential discussions and later published them on public forums. The new lobby control aims to restore trust in open meetings—those that allow external participants—without resorting to draconian measures like disabling guest access entirely.
For IT departments, the change promises a significant reduction in policy complexity. Previously, safeguarding against bots required a maze of meeting options: always having an organizer present, restricting lobby bypass to specific domains, and manually vetting external users. The automated detection shifts the burden back to the platform, a move reminiscent of how email providers largely eliminated spam through machine learning rather than manual rules.
Yet legitimate automation providers are scrambling to adapt. Companies like Otter.ai, Fireflies.ai, and Supernormal, which offer AI notetakers that join as named participants, must now ensure their services are registered in their customers’ allow lists. Microsoft has published guidance recommending that admins add these app IDs before July, warning that customers who ignore this step may find their favorite notetakers stuck in the lobby.
The Broader Roadmap for Meeting Security
This lobby bot check is one piece of a larger security overhaul Microsoft has scheduled for Teams in the second half of 2026. Leaked roadmap items include:
- AI-generated invite verification: Meetings will generate a cryptographic prompt that legitimate invitees must respond to, proving they received the invite through the intended channel.
- Real-time attendee reputation scoring: Similar to email sender reputation, each external participant will carry a dynamic trust score based on their interaction history across Microsoft 365.
- Meeting watermarking: Visual and audio watermarks embedded in meetings to trace the source of unauthorized recordings.
- Copilot integration: An optional setting where Microsoft 365 Copilot can act as a virtual “meeting guardian,” analyzing join requests in natural language and asking unverified participants a CAPTCHA-like challenge before admission.
Taken together, these features signal Microsoft’s intent to make Teams the most secure meeting platform by embedding intelligent, automated defenses rather than relying on user vigilance alone. The bot lobby check is the first to ship in a stable, default-on state, and its success or failure will likely influence the pacing of the rest.
Preparing Your Organization
For enterprise IT managers, the June 28 deadline demands immediate action. Microsoft recommends the following steps:
1. Audit current meeting policies: Identify which policies allow external guest access and how lobby bypass is configured.
2. Compile a list of trusted bots: Inventory any third-party AI services your organization uses that join Teams meetings, and collect their Entra ID application IDs.
3. Test in preview: Apply the bot detection settings to a subset of users or test tenants using the “Moderate” sensitivity and monitor for false positives.
4. Train employees: Prepare organizers to handle the new lobby notifications, especially the responsibility of verifying unknown participants before admitting them.
5. Review compliance requirements: Ensure that logging of bot detections and organizer actions meets your industry’s data retention and audit standards.
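For steps 1 and 2 above, an added PowerShell example (not Microsoft's guidance and not code from this article) that exports each meeting policy's current lobby-bypass posture and a candidate list of externally published apps with their Entra ID application IDs. It assumes the MicrosoftTeams and Microsoft.Graph.Applications modules are installed; the output file names and the classification of `AutoAdmittedUsers` values are this example's own choices, and the bot-detection settings themselves are not scripted because the article names no cmdlet for them.

```powershell
# Added example: baseline audit before the bot lobby check is enabled.
# Needs Teams admin read access and the Graph scope Application.Read.All.
Import-Module MicrosoftTeams
Import-Module Microsoft.Graph.Applications
Connect-MicrosoftTeams | Out-Null
Connect-MgGraph -Scopes 'Application.Read.All'

# Step 1: which meeting policies let people outside the tenant skip the lobby?
# Assumption of this example: these AutoAdmittedUsers values admit externals.
$externalBypass = 'Everyone', 'EveryoneInSameAndFederatedCompany', 'InvitedUsers'

$policyReport = Get-CsTeamsMeetingPolicy | ForEach-Object {
    [pscustomobject]@{
        Policy             = $_.Identity
        AnonymousJoin      = $_.AllowAnonymousUsersToJoinMeeting
        AutoAdmittedUsers  = $_.AutoAdmittedUsers
        PstnBypassesLobby  = $_.AllowPSTNUsersToBypassLobby
        ExternalSkipsLobby = $externalBypass -contains $_.AutoAdmittedUsers
    }
}

# Step 2: candidate apps for the allow list. Service principals whose
# publishing tenant is not ours are third-party (this includes Microsoft's
# own apps, so review the owner column before trusting any entry).
$tenantId = (Get-MgContext).TenantId
$appReport = Get-MgServicePrincipal -All `
        -Property AppId, DisplayName, AppOwnerOrganizationId, ServicePrincipalType |
    Where-Object {
        $_.ServicePrincipalType -eq 'Application' -and
        $_.AppOwnerOrganizationId -and
        $_.AppOwnerOrganizationId -ne $tenantId
    } |
    Select-Object DisplayName, AppId, AppOwnerOrganizationId |
    Sort-Object DisplayName

# Show the riskiest policies first, then keep both reports for review.
$policyReport | Sort-Object ExternalSkipsLobby -Descending | Format-Table -AutoSize
$policyReport | Export-Csv -Path .\teams-lobby-policy-audit.csv -NoTypeInformation
$appReport    | Export-Csv -Path .\teams-external-apps.csv -NoTypeInformation
```

Notetakers that join as anonymous or guest participants without a consented app in the tenant will not appear in the second report; their application IDs have to come from the vendor.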
The transition, while technical, is designed to be seamless. Microsoft will not require a client update; the logic runs server-side, meaning even users on older Teams desktop or mobile apps will benefit. However, admins who wish to customize settings must have the latest Teams admin center experience, which is being rolled out in parallel.
What Comes Next
The summer 2026 rollout will be closely watched by both security professionals and the AI community. If the bot detection proves accurate and unobtrusive, it could become a template for other collaboration tools—Zoom and Google Meet are known to be exploring similar heuristics. If it produces an unacceptable number of false positives, organizations may disable it, leaving the bot problem unsolved.
Ultimately, the feature reflects a maturing understanding of AI’s dual role in the enterprise: a productivity booster and a potential threat vector. By attempting to algorithmically separate the benign from the malicious, Microsoft is betting that machine learning can safeguard the very meetings that AI is increasingly helping to run. Whether that bet pays off will become clear by the time the last phases of the rollout complete in September 2026.