Teams premiere bot label in lobby and explicit admission to stop automated intrusions

Microsoft has announced a small change in appearance but important in the operation of Teams: soon, third-party bots trying to enter a meeting will be clearly identified in the lobby rather than mixed with real people. According to the corresponding entry in the Microsoft 365 Roadmap, the function is in development and is planned to be deployed in May 2026 for Teams versions in Windows, MacOS, Android and iOS, both in standard multitenant environments and in GCC clouds.

In practice, this means that when an external bot requests access to a meeting, its name or label will not go unnoticed in the waiting room. Organizers must admit this separately and explicitly reducing the risk of a human assistant unintentionally accepting an automated participant in the middle of a group. Microsoft explains that the intention is to give the host complete control over the presence of external applications at the meeting.

Why is this change relevant? Because automated integrations - from attendees taking notes to transcription or moderation services - are increasingly common in hybrid meetings. At the same time, this same capacity can be exploited by malicious actors: a bot controlled by an attacker could enter a meeting to record, extract information or facilitate social engineering attacks. Identifying and requiring explicit admission reduces the likelihood of unwanted or invisible additions and provides an extra layer of defense against abuse.

The new booster label fits into a wider Microsoft movement to tighten protection in Teams. In recent months the company has been adding mechanisms for users to report suspicious calls and to warn about brand suplantations in incoming communications, measures aimed at stopping phishing attempts and other voice mos. In addition, managers have won tools to block external users from the Defense portal, an option designed to make it difficult for cybercrime networks to abuse the platform as a channel of targeted attacks.

For IT managers and Microsoft 365 administrators this is, in addition to a security improvement, a new management focus: application policies, integration permits, and meeting policy settings will need to be reviewed to decide which bots are reliable and which are not. Microsoft maintains documentation to manage applications in Teams and meeting policies, which will be useful in planning how to integrate or restrict automations: manage applications in Teams and meeting policies in Teams. For broader threats and protection responses, the Microsoft security page collects analysis and general recommendations: Microsoft Security Blog, and the Microsoft 365 Defender portal is the center for administrative actions and blockages: Microsoft 365 Defender.

In real life, the bot label in the lobby is not a silver bullet: it depends on the organizers being aware and making the right decision; it also requires developers and booster providers to be transparent in their identifiers and permissions to gain the confidence of the organizations. Still, the measure is a practical step towards safer and more transparent meetings and reflects the need to adapt collaborative management to the growth of automation and to the new threats that artificial intelligence brings.

If you work in IT, check your tenant's policies when this function is deployed and mark the applications that are allowed. If you are a meeting organizer, keep your attention to admitting participants from the lobby: in the future, there could be a label that clearly indicates "non-human." And if you're a bots developer, get ready for your service to be clearly identified and to meet the privacy requirements and permissions that companies require.

In short, it is not a revolution in the user experience, but it is a significant improvement in the safety hygiene of meetings: identity and control before automatic comfort, a priority that Microsoft seems to want to strengthen in Teams.