Microsoft has begun rolling out a new defensive layer for Teams meetings that automatically detects suspected external, third-party AI bots and confines them to the lobby. The change, which started reaching tenants in mid-May 2026, means meeting organizers must now manually admit any AI assistant they want to allow into a session—putting an abrupt stop to the silent, automatic joining that many bots have relied on. Dubbed the Lobby Bot Check internally, the feature is Microsoft’s most direct attempt yet to give customers control over which AI-powered note-takers, transcription services, and meeting coaches are allowed to capture sensitive audio and video content.
The rollout arrives as AI meeting assistants have exploded in popularity. Services like Otter.ai, Fireflies.ai, and Sembly AI, along with dozens of newer entrants, offer to join calendar events, listen in, and generate notes, summaries, and action items. While productivity gains are clear, many IT administrators and compliance teams have grown uneasy about third-party services recording meetings without explicit, per-meeting consent. The new Teams behavior doesn’t block bots outright, but forces a decision point that had been missing.
Why AI Meeting Assistants Became a Security Headache
Third-party bots typically join Teams meetings through the platform’s guest-joining capabilities. An AI assistant app is invited via a calendar integration and then appears as a participant with a clearly labeled “bot” or generic guest name. Once inside, it can capture audio, video, and shared screen content—often storing that data on external servers for processing. For regulated industries and enterprises with strict data-residency requirements, this has been a governance nightmare. Even when meeting organizers intended to allow a bot, they might not realize it was present, especially if the bot joined before the human participants did.
Microsoft has long offered tenant-level controls to block anonymous users and restrict external access, but those broader settings often sidelined legitimate participants. The Lobby Bot Check is a surgical instrument. It uses signals—likely including the join URL source, user-agent strings, bot indicators in Azure AD guest tokens, and behavioral patterns—to classify an incoming connection as a probable third-party AI bot. Instead of being outright rejected, the bot is placed in the lobby, where it waits for the organizer’s explicit permission.
How the Detection Works
Microsoft has not published the full detection logic, but early documentation hints at a multi-factor evaluation. First, the service checks whether the joining identity is a guest from an external domain that is not in the tenant’s allowed list. It then cross-references known characteristics of popular meeting assistant platforms—such as specific client strings or API access patterns. If the system scores a join attempt above a certain threshold, the bot is flagged. The organizer sees a distinctive lobby notification that reads “Waiting in lobby: Possible AI assistant,” along with the bot’s display name and the option to admit or deny.
Importantly, the check does not apply to first-party Microsoft bots or to apps built on the Teams Graph API that use modern resource-specific consent and are approved by an admin. Microsoft’s own AI-powered Assistant in Teams Rooms, Copilot, and any app that integrates via the official line-of-business (LOB) framework are exempt. The target is squarely on unvetted third-party services that historically joined as simple guests with no clear chain of administrative approval.
Rollout Status and Available Controls
The Lobby Bot Check began rolling out in mid-May 2026 as a service-side update. No admin action is required for the detection to become active—Microsoft has turned it on by default for all commercial, GCC, and EDU tenants. The roadmap item (tracked as ID 418126) states that the feature reached general availability on May 18, 2026, with a full global deployment expected by the end of the month.
For the initial rollout, tenant admins have no toggle to disable the check entirely. This default-on approach mirrors other Teams security enhancements like end-to-end encryption for unscheduled meetings. However, Microsoft says an admin control will be added in a future update, likely in July or August 2026, that will allow organizations to exclude trusted external domains from bot screening or to turn off the lobby redirect while still logging the detection events. Audit logs will capture every lobby admission and denial, feeding into the Microsoft Purview compliance portal and enabling SecOps teams to track which bots attempted to join which meetings.
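As an added illustration (not Microsoft's code or schema), the sketch below shows how a SecOps team could triage exported lobby decisions to see which bots were admitted or denied in which meetings. The record fields, the operation names `LobbyBotAdmitted` and `LobbyBotDenied`, the approved-domain catalog, and the sample log are all hypothetical and constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON record per line. Field names and operation
# values are hypothetical placeholders, not a documented audit schema.
SAMPLE_LOG = """\
{"time":"2026-05-20T09:00:12Z","operation":"LobbyBotAdmitted","meeting_id":"m-101","organizer":"ana@contoso.example","bot_domain":"notes.vendor-a.example"}
{"time":"2026-05-20T09:30:40Z","operation":"LobbyBotDenied","meeting_id":"m-102","organizer":"raj@contoso.example","bot_domain":"scribe.vendor-b.example"}
{"time":"2026-05-20T10:02:05Z","operation":"LobbyBotAdmitted","meeting_id":"m-103","organizer":"lee@contoso.example","bot_domain":"scribe.vendor-b.example"}
{"time":"2026-05-20T11:15:00Z","operation":"LobbyBotDenied","meeting_id":"m-104","organizer":"ana@contoso.example","bot_domain":"scribe.vendor-b.example"}
not-json line left by a truncated export
{"time":"2026-05-20T12:00:00Z","operation":"MeetingStarted","meeting_id":"m-105","organizer":"ana@contoso.example"}
"""

APPROVED_DOMAINS = {"notes.vendor-a.example"}  # assumption: tenant's approved-app catalog
DECISIONS = {"LobbyBotAdmitted": "admitted", "LobbyBotDenied": "denied"}

def parse_events(text):
    """Yield lobby-decision records, skipping malformed or unrelated lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("operation") in DECISIONS and rec.get("bot_domain"):
            yield rec

def triage(text, approved=APPROVED_DOMAINS, spread_threshold=3):
    """Summarise decisions per bot domain and flag the two cases worth review."""
    per_domain = defaultdict(lambda: {"admitted": 0, "denied": 0, "meetings": set()})
    unapproved_admissions = []
    for rec in parse_events(text):
        domain = rec["bot_domain"].lower()
        stats = per_domain[domain]
        stats[DECISIONS[rec["operation"]]] += 1
        stats["meetings"].add(rec.get("meeting_id"))
        # Case 1: an organizer admitted a bot whose domain is not in the catalog.
        if rec["operation"] == "LobbyBotAdmitted" and domain not in approved:
            unapproved_admissions.append(
                (rec.get("time"), rec.get("meeting_id"), rec.get("organizer"), domain))
    # Case 2: an unapproved bot domain seen across many distinct meetings, which
    # may indicate a calendar integration that was never reviewed.
    widespread = sorted(d for d, s in per_domain.items()
                        if d not in approved and len(s["meetings"]) >= spread_threshold)
    return {"per_domain": dict(per_domain), "widespread": widespread,
            "unapproved_admissions": unapproved_admissions}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["unapproved_admissions"], report["widespread"])
```

Once the real audit schema is known, only `DECISIONS` and the field names in `parse_events` and `triage` need to change; the two review cases stay the same.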
What Organizers and Participants See
For a standard Teams meeting, the experience changes subtly. If an AI assistant tries to join, the organizer receives a lobby prompt that stands out from a regular attendee’s request. The prompt says: “We’ve detected a possible external meeting assistant. You can admit them if you trust this app.” There are three options: Admit, Deny, or View details. View details opens a side panel showing the bot’s source domain, its publicly registered app name, and a link to Microsoft’s guidance on meeting safety. If the organizer takes no action, the bot remains in the lobby indefinitely and cannot hear the call.
Participants see a small system message if a bot is admitted: “An external meeting assistant was allowed in by the organizer.” This transparency is intended to alert attendees who might object to being recorded by a third party. If the organizer denies the bot, the system notifies the bot’s service that access was refused, and it can offer the organizer a chance to reschedule or join in a different way—such as by manually pasting a meeting transcript instead.
Mixed Reactions From the Community
Early feedback on Microsoft’s Tech Community forums and social media has been sharply divided. IT administrators at financial services firms and healthcare organizations have largely praised the feature, describing it as “long overdue.” One IT manager wrote, “We’ve blocked external guests entirely because we couldn’t trust which bots were joining. Now we can let customers and partners in while keeping the uninvited AI out.” Compliance teams appreciate the audit trail, which helps satisfy regulators who demand a record of exactly who—or what—could record executive calls.
Independent knowledge workers and sales teams are less enthused. Many rely on AI note-takers to avoid manual minutes, and now they must interrupt their meeting start to approve a bot. Some have reported that the detection triggers false positives for legitimate guest users joining from unusual email domains, causing friction at the beginning of cross-company calls. “I had to manually admit three clients yesterday because their company’s email system was flagged as a bot,” a user posted. Microsoft acknowledged the issue and said it is tuning the algorithm to reduce false positives in the coming weeks.
Third-party developer communities have also reacted. Companies like Otter.ai published support articles within days, instructing users to ask organizers to admit their bot and reminding them that the Lobby Bot Check does not apply if the bot is invited and authenticated directly through an approved Teams app. Developers are now exploring ways to distinguish their services so detection can be more accurate—perhaps by registering with Microsoft or adopting a standard bot certificate.
Implications for Meeting Governance
For organizations that have already invested in a preferred AI note-taking service, the Lobby Bot Check underscores the importance of software asset management. Admins who haven’t yet built a curated catalog of approved meeting apps may find themselves fielding user complaints about blocked assistants. The feature essentially enforces a “deny-by-default” posture for unregistered external bots, which aligns with Zero Trust principles but requires proactive communication and user training.
Legal and privacy teams are beginning to advise clients to update meeting notices. If an organization’s standard practice is to use a specific AI note-taker, the notice might now say, “This meeting will include an AI assistant hosted by [Vendor]; by joining, you consent to recording and processing as per [Vendor’s] privacy policy.” The lobby prompt gives a structural moment where that notice can be reinforced—the organizer can mention in the meeting intro that the bot will be admitted and why.
Developer Guidance and Future Path
Microsoft is encouraging third-party bot makers to move away from guest-join patterns and adopt the Teams AI app model with resource-specific consent. In a blog post accompanying the rollout, the Teams engineering team wrote, “The most secure way to bring AI into meetings is through a certified Teams app that admins can deploy and manage with granular data-governance policies.” They pointed partners to the updated bot framework documentation and noted that apps using the new model will not be flagged by the lobby check.
For bots that must continue joining as guests, Microsoft suggests they implement user education flows: when a meeting is booked, the bot service could send a calendar invite note asking the organizer to be ready to admit the bot. Several bot vendors are already adding this guidance to their onboarding checklists. Meanwhile, Microsoft’s Copilot and Teams Premium intelligent recap features remain the built-in alternatives, further tightening the competitive landscape for third-party providers.
The Lobby Bot Check is likely to evolve. Insiders whisper that future iterations could incorporate machine learning to recognize trusted bots by behavior, allowing repeat assistants to bypass the lobby if they’ve been admitted in the past. Another possibility is a challenge-response prompt that requires the bot to complete a CAPTCHA to prove it isn’t a rogue script—though that could also frustrate legitimate uses.
What This Means for Everyday Meetings
For the average Teams user, the biggest change will be a brief pause at the start of a meeting when a bot tries to sneak in. If you’re an organizer who uses an AI assistant regularly, you’ll learn to admit it quickly, much like letting a late co-worker in from the lobby. The protective value will be most felt in high-stakes contexts: board meetings, M&A discussions, clinical case reviews, and legal depositions, where an uninvited data collector could cause real damage. By making bot admission a deliberate, logged action, Microsoft is giving organizers back the agency that the convenience of automated joining had eroded.
Whether users embrace that agency or find a way around it remains to be seen. But for now, the lobby has a new, more intelligent bouncer, and the days of AI bots slipping into meetings unnoticed are over.