Microsoft has introduced new bot protection features to its Teams platform, aimed at preventing malicious bots from infiltrating meetings and compromising security and privacy.
New Bot Protection Features
The company has rolled out a new admin policy called "Manage external bots and their access to meetings," which allows organizers to control how external bots access meetings. The default configuration is set to require approval before joining, placing detected bots in a lobby where they can be explicitly admitted into the meeting.
Teams will now use infrastructure signals to intelligently detect and distinguish between bots and humans, with Microsoft stating that it has "strengthened Teams' ability to distinguish between bots and human participants as they join a meeting" using a combination of behavioral and infrastructure signals. This means that organizers can quickly identify which bots are trusted or suspected threats.
The new policy also includes additional safeguards to block accidental admission of bots into meetings, such as no one-click Admit option for identified bots, confirmation prompts when admitting participants that include bots, and warnings when organizers choose Admit all and bots are included.
Background and Context
The use of AI has expanded across enterprise environments, allowing users to integrate bots into their meetings for various tasks such as note-taking. However, misconfiguration has allowed bots to join meetings that they shouldn't, creating security and privacy risks.
Microsoft product marketing manager Meera Ajam wrote in a company blog post that "bots have begun joining meetings that participants never intended them to attend." For example, after connecting a third-party service to a meeting, some users have found that its bot continues joining future meetings automatically.
Ajam thinks bots butting into meetings that include discussion of sensitive matters is a potential security and privacy problem. Microsoft has therefore built tech that sees Teams require a human to check a bot's ID in the "lobby" where guests wait before a meeting. If a human rates a bot as worthy of coming inside, it gets to join the meeting.
Why It Matters to the Industry
The new bot protection features are significant for adult-industry platforms and operators because they address a critical issue: the risk of malicious bots infiltrating meetings and compromising security and privacy. The industry relies heavily on video conferencing and collaboration tools, making it vulnerable to these types of threats.
With the rise of AI-powered transcription and note-taking bots, there is an increased risk of misconfiguration allowing unwanted guests into meetings. Microsoft's new features provide a much-needed solution for adult-industry platforms and operators to ensure that only authorized participants can join meetings.
What Comes Next
Microsoft plans to add additional capabilities such as allow-lists, organization-wide policies, admin reports, audit logs, and more granular controls. The company is also working with a limited set of independent software vendors (ISVs) to preview the registration path for ISVs that build meeting experiences for Microsoft Teams.
When Teams recognizes the self-identification marker included in join requests from registered bots, it can identify them as known participants. This means that bot-builders will be able to register with Microsoft and include a marker in their join requests, ensuring that desirable bots always get in.
Key Facts
- Microsoft has introduced new bot protection features to its Teams platform.
- The company has rolled out a new admin policy called "Manage external bots and their access to meetings."
- Teams will now use infrastructure signals to intelligently detect and distinguish between bots and humans.
- The default configuration is set to require approval before joining, placing detected bots in a lobby where they can be explicitly admitted into the meeting.
- Microsoft plans to add additional capabilities such as allow-lists, organization-wide policies, admin reports, audit logs, and more granular controls.