---
title: "Microsoft Teams Adds Lobby-Based Bot Detection"
date: 2026-07-01
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/07/microsoft-teams-adds-lobby-based-bot-detection.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Microsoft Teams Adds Lobby-Based Bot Detection

According to Microsoft, a new Teams admin policy was detailed on June 30, 2026. The policy automatically detects potential bots attempting to join meetings, places them in the lobby, clearly identifies them, and prompts organizers to confirm admission.

## Quick Summary – TLDR:

- Teams now auto-detects bots and routes them into the lobby for organizer approval, even in lobby-bypass meetings.
- The lobby now sorts arrivals into four categories: Verified participants, Standard participants, Registered bots, and Unregistered/system-identified bots.
- Safeguards remove the one-click Admit option for identified bots and warn organizers using “Admit all” when bots are present, per Microsoft’s documentation.
- Microsoft is retiring the older CAPTCHA-based “Require verification by participants” policy.
- The rollout arrives as Microsoft addresses growing abuse of Teams for social engineering, including ransomware gangs impersonating IT and helpdesk staff.

## What Happened?

When enabled, Teams automatically detects potential bots, places them in the meeting lobby, clearly identifies them, and prompts organizers to confirm admission. Even when organizers allow participants to bypass the lobby, identified bots must still receive explicit approval. The new system uses behavioral and infrastructure signals to identify bots with greater accuracy before they join calls. The change lands amid rising [Cybersecurity threat data](https://sqmagazine.co.uk/cybersecurity-statistics/) showing Teams increasingly targeted for impersonation-driven intrusions.

> Microsoft Teams’ New Feature Blocks Bots from Joining Meetings   
>   
> Source: <https://t.co/jJkmEniTJN>  
>   
> Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join… [pic.twitter.com/a5i2RTRHpS](https://t.co/a5i2RTRHpS)
> 
> — Cyber Security News (@The\_Cyber\_News) [June 30, 2026](https://x.com/The_Cyber_News/status/2072103891769176074?ref_src=twsrc%5Etfw)

 ## The Bot Identification Program

Microsoft will introduce the **Teams Bot Identification Program**, letting independent software vendors (ISVs) that build meeting experiences for Teams register their bots. Pre-approved bots from registered vendors will bypass manual approval, though Microsoft says it is “**working with a limited set of ISVs to preview this capability and validate the experience before broader availability**“. “**Admitting a bot should be a deliberate decision, not something that happens by mistake.**” **Meera Ajam**, Microsoft product marketing manager Bots have begun joining meetings that participants never intended them to attend, particularly when third-party services are connected.

Microsoft recommends administrators set the “**Who can admit from the lobby**” meeting option to organizers and co-organizers, and the underlying policy can be assigned to individual users or specific groups through the [Teams Admin Center](https://sqmagazine.co.uk/microsoft-teams-statistics/), giving security teams a rollout path that does not require an org-wide flip. Microsoft plans further controls, including approved bot allowlists, policies to block external bots entirely, and admin audit logs for bot detection, none of which have shipped yet, so today’s release is the detection-and-friction layer, not the enforcement layer.

## Replacing CAPTCHA With Behavioral Signals

The old verification policy relied on a static challenge: a CAPTCHA prompt any caller, human or automated, could solve or route around with off-the-shelf solving services. The new model instead scores behavioral and infrastructure signals before a caller ever reaches the meeting, shifting detection from a one-time gate a bot operator could defeat to a continuous classification that is harder to script past.

The bigger lever for security teams is not detection accuracy but the removal of the one-click Admit shortcut. That shortcut previously let a rushed organizer wave in anyone, including an unverified bot, with a single tap, and the new confirmation prompts and “**Admit all**” warnings close that gap directly.

That difference matters because Teams abuse tied to helpdesk and IT-impersonation social engineering has been a live [ransomware](https://sqmagazine.co.uk/ransomware-statistics/) entry vector, and an unnoticed bot riding into a meeting is functionally the same failure mode as an organizer admitting an impersonator. This workflow-level fix belongs alongside the broader remote-work security picture already flagging meeting platforms as a soft spot in distributed teams.

## SQ Magazine’s Takeaway

This update is an admission-workflow fix disguised as a detection feature, and the workflow fix is the more consequential part.

Bot identifiers improve incrementally and can be evaded; a default that forces a deliberate, logged decision before any bot enters a call closes a class of mistake regardless of how good the detection gets underneath it.

Security teams should treat this as a checklist item: add the policy now, set lobby admission to organizers and co-organizers, and register any in-house ISV bots early while the identification program stays in limited preview.

The CAPTCHA retirement also signals where [Microsoft](https://sqmagazine.co.uk/microsoft-statistics/) is heading: static human verification challenges are increasingly treated as a weak control industry-wide and continuous behavioral scoring is becoming the baseline expectation.

Administrators should not assume the current release closes the gap entirely: the promised allowlists, org-wide blocking policies, and audit logs are still on the roadmap, and until those ship, organizer vigilance at the point of admission remains the control this feature helps reduce risk around, not replace.