An AI notetaker turning up uninvited in a Teams meeting has become an ordinary occurrence. Someone on the call once granted a third-party app access to their calendar, and now its bot joins everything, recording and transcribing in the background while the host has no idea who, or what, is listening. Microsoftβs answer until now has been to make organisers spot the intruder and turn it away themselves. From August, IT can take that decision out of their hands.
A new entry on the Microsoft 365 roadmap (ID 566201) confirms that Teams will let administrators block every identified external AI bot automatically. There is no organiser approval to grant, no lobby prompt to read, and no split-second risk call at the top of a live call.
The feature is in development now, with rollout starting in August 2026 across Android, desktop, iOS, Mac, and web. It reaches both Worldwide (Standard Multi-Tenant) and GCC tenants, landing at General Availability and Targeted Release together. The change looks small in the admin console. What it does is hand IT a tenant-wide default of βno.β
Why automatic bot blocking matters for Teams meeting security
The story so far has put a lot of weight on the human in the meeting. Microsoft rolled out external bot detection earlier this year under Message Center notice MC1251206. Teams could now spot third-party bots as they tried to join, label them βUnverifiedβ in a βSuspected threatsβ area of the lobby, and make organisers admit them with a separate, deliberate click. As Microsoft put it at the time:
βOrganizers will be required to explicitly and separately admit these bots into the meeting, if really required.β
That default, called RequireApprovalWhenDetected in policy terms, was a clear step up. Before it, a bot named βFireflies Notetakerβ or βRead AIβ could sit in the participant grid and pass for any other attendee. The approval model still asked a lot of the organiser, though. They had to clock the bot in the lobby, weigh up the risk, and make the right decision in the opening seconds of a call. Across an organisation running thousands of meetings a day, that is a lot of moments to get right.
The August update takes the decision away. Set the policy to block, and detected external bots never reach the lobby for anyone to wave through.
How ExternalBotAccessMode works in the Teams admin center
The control sits in the Meeting Join and Lobby section of Teams meeting policy, under Manage external bots and their access to meetings. Admins set it in the Teams Admin Center or through the Set-CsTeamsMeetingPolicy PowerShell cmdlet, which exposes the ExternalBotAccessMode attribute. There are three values to choose from. AllowAllBots lets bots in without detection. RequireApprovalWhenDetected sends them to the lobby for approval and stays the default. BlockDetectedBots turns them away at the door.
The setting only applies to external third-party bots. Microsoft 365 Copilot and bots registered as Entra ID applications inside your own tenant fall under separate Microsoft 365 licensing and permissions, so blocking external bots leaves your own sanctioned AI running. Policies can be scoped per user group as well. Legal, finance, HR, and executive teams can sit behind a hard block while everyone else stays on approval.
The wider AI notetaker reckoning
Microsoft is tightening these controls because the third-party notetaker market has taken off, and the governance problem has grown alongside it. Tools from Otter, Fireflies, Read AI, and Fathom join meetings as guests, capture the audio, and send transcripts off to their own cloud. The hosting organisation often never finds out. That is data leaving the tenant with nobody watching it go. Under UK GDPR, it raises transparency and lawful basis questions when participants were never told a bot was processing what they said.
A competitive angle runs underneath all this, and it works in Microsoftβs favour. As UC Today has previously reported, platform vendors are rebuilding their meeting products so native AI passes the consent test and standalone bots get squeezed out. Irwin Lazar, principal analyst at Metrigy, set out the logic of building these features in:
βProviding these kinds of capabilities at no additional charge demonstrates lower total cost of ownership compared to Microsoft, and eliminates the need for its customers to purchase third-party meeting recording and transcribing apps like Otter and Fireflies.β
Every external bot a tenant blocks is one less reason to pay a third party, and one more reason to lean on Copilot instead.
The catch admins should plan for
A hard block is only as good as the detection sitting behind it, and Microsoft has been upfront that some bots slip through. Detection works off infrastructural and behavioural signals picked up during the join process. A bot built to mimic a human participant can sometimes get past it. Detection can also misread a real attendee as a bot, which organisers fix by admitting the person and marking them as βnot a bot.β
That makes BlockDetectedBots one layer rather than the whole answer. App permission policies, sensitivity labels, recording controls, and plain guidance on which AI tools are approved all still earn their place. Teams with cross-tenant exposure, sales and customer success in particular, will want a heads-up that their own tools may get blocked in meetings hosted elsewhere once this becomes a common default.
For IT leaders, the rollout changes the question on the table. It is no longer whether your organisers can spot a bot in the lobby. It is whether your organisation has decided, as a matter of policy, that uninvited AI does not get in.
