Microsoft has announced that Teams will receive a new security update changing how external bots are handled during meetings. The company confirmed that the platform will soon automatically identify and tag third-party bots attempting to join calls.
“During Teams meetings, if there is an external third-party bot trying to join the meeting, organizers will be able to see a clear representation of the bots while they wait in the lobby,” Microsoft said in its announcement.
The update, scheduled to roll out in May 2026, reflects the evolving threat landscape facing collaboration tools. Understanding how the new feature works reveals why it represents a meaningful shift in meeting security.
What the New Feature Actually Does
When the update becomes generally available, external third-party bots that attempt to join a Teams meeting will no longer blend in with human participants in the lobby. Instead, they will be clearly labeled, making their non-human status immediately apparent to whoever is managing the meeting.
Meeting organizers will need to explicitly and individually admit those bots. They cannot be allowed into the meeting automatically as part of a broader group of attendees waiting in the lobby.
Microsoft has been direct about the intent behind this design. “Organizers will be required to explicitly and separately admit these bots into the meeting, if really required,” the company stated in its announcement.
This change matters because bots used for note-taking, transcription, or other automated tasks are now widely deployed across modern businesses. Many are legitimate and valuable tools. However, the lack of visual distinction between a bot and a human participant in a lobby can create a blind spot that the new tagging system directly addresses.
Why Meeting Bots Have Become a Security Concern
Since the rise of AI, the presence of a bot joining a call has become completely unremarkable. Tools that record, transcribe, summarize, and analyze meetings are now fixtures of the remote working environment, and most attendees accept their presence without much thought.
These bots often appear on screen as just another participant, a tile in the grid, sometimes labeled “Notetaker” or with the branding of whichever third-party platform sent them. Their normalization has been swift. The convenience they offer has made scrutiny of them feel unnecessary or even obstructive.
That normalization is exactly what makes them attractive to bad actors. Attackers are increasingly seeking ways into organizations that bypass traditional perimeter defenses. Firewalls, endpoint protection, and email filters are now well-understood barriers. Entering through the front door of a meeting disguised as a familiar bot offers a subtler path to harvesting sensitive information.
Having granular, conscious oversight over which bots enter a meeting is therefore not a minor quality-of-life improvement. It is a meaningful security control. The ability to distinguish between a sanctioned tool and a malicious application masquerading as one could determine whether a call remains routine or becomes a data breach.
Microsoft’s Broader Commitment to Collaboration Security
This bot-tagging feature does not exist in isolation. It is the latest in a series of security-focused updates Microsoft has rolled out across Teams as the company takes a firmer stance on how the platform can be exploited.
In January, Microsoft introduced a call reporting feature allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. Teams also added fraud-protection warnings for external callers impersonating trusted organizations, helping protect against social engineering attacks.
Since December, administrators have been able to block external Teams users via the Defender portal, directly countering cybercrime groups.
Collectively, these updates signal a platform actively strengthening itself against a new generation of threats that target collaboration tools in novel ways. This latest update extends that commitment by securing another weak point: meetings. With improved visibility over bots, companies can know exactly who, or what, is in their calls.
