Skip to content
Submit a ticket
  • There are no suggestions because the search field is empty.

How to Disable Anonymous Bots from Joining Microsoft Teams Meetings

Third-party AI bots increasingly attempt to join Teams meetings as anonymous participants to record and transcribe conversations. This can pose security, privacy, and compliance risks. Microsoft provides several admin-level controls to prevent this, with additional features rolling out in 2026.

This guide covers the recommended approach — enabling CAPTCHA verification and enforcing lobby controls — along with additional measures and an upcoming Microsoft feature.

Step 1: Require CAPTCHA Verification for Anonymous Participants

CAPTCHA verification forces any anonymous participant to complete a human verification challenge before entering the meeting or lobby. Automated bots cannot pass this check, which makes it your first and most effective line of defence.

Steps (Teams Admin Center)

  1. Open the Teams admin center at admin.teams.microsoft.com.
  2. Navigate to Meetings → Meeting policies.
  3. Select an existing policy or create a new one.
  4. Scroll to the "Meeting join & lobby" section.
  5. Set "Require a verification check from" to "Anonymous users and users from untrusted organisations".
  6. Click Save.

PowerShell

You can also configure this via PowerShell using the CsTeamsMeetingPolicy cmdlet:

Set-CsTeamsMeetingPolicy -Identity <policy name> -CaptchaVerificationForMeetingJoin AnonymousUsersAndUntrustedOrganizations

To disable the check:

Set-CsTeamsMeetingPolicy -Identity <policy name> -CaptchaVerificationForMeetingJoin NotRequired

Users who are required to verify will be presented with either a text CAPTCHA (Latin characters) or an audio CAPTCHA (English).

Step 2: Enforce Lobby Controls

Lobby controls add a second layer of protection. Even if something gets past the CAPTCHA — for example, a human-operated bot completing the challenge manually — organisers still have a manual checkpoint to review and reject unrecognised participants before they enter the meeting.

Steps (Teams Admin Center)

  1. Open the Teams admin center.
  2. Navigate to Meetings → Meeting policies.
  3. Select the relevant policy.
  4. Under "Meeting join & lobby", set "Who can bypass the lobby" to "People in my org" (or "People in my org and trusted organisations").
  5. Click Save.

With both settings enabled, external participants must first pass a CAPTCHA to prove they are human, and then wait in the lobby until the organiser admits them. This layered approach blocks automated bots at the CAPTCHA stage and gives organisers visibility over anyone who does make it through.

Coming Soon: Bot Labeling in the Meeting Lobby (May 2026)

Microsoft has announced a new feature scheduled for general availability in May 2026 that will make it even easier to identify and block bots:

  • External third-party bots attempting to join a meeting will be clearly labeled as bots in the lobby, rather than appearing as regular participants.
  • Meeting organisers will need to explicitly and individually admit each bot — they cannot be accepted as part of a bulk "admit all" action.
  • The feature will be available across Windows, macOS, Android, and iOS.

No admin configuration is required for this feature — it will be enabled automatically once rolled out. Combined with CAPTCHA and lobby controls, this will provide a comprehensive defence against unwanted bots.

Further Reading

Additional Controls

The following settings are also available:

Disable anonymous user join entirely: Under Meetings → Meeting settings → Participants, set "Anonymous users can join a meeting" to Off. This blocks all anonymous participants, including legitimate external guests without Microsoft accounts. Only use this if your organisation never needs to invite external anonymous participants.

Disable anonymous app interaction: Under Meetings → Meeting settings → Participants, set "Anonymous users can interact with apps in meetings" to Off. This limits what a bot can do if it does manage to join, but is largely redundant when bots are blocked at the CAPTCHA/lobby stage.

Block known bot domains: Under Users → External access, select "Block only specific external domains" and add domains such as otter.airead.ai, or fireflies.ai. This is a reactive measure that only covers known services and does not affect bots that join anonymously.