[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFZEJNnRaeYOuUFdNjohoMLt-6tPVGM1kQmoyULXbowc":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":22,"created_at":23,"published_at":24,"article":25,"tags":29,"podcasts":48},"f350136b-9b7e-46ec-b4f2-79fcce17f02a","ai-bots-in-teams-meetings-require-explicit-approval-controls","8d1178e3-908d-445a-a9df-bc3f888a71a8","AI Bots in Teams Meetings Require Explicit Approval Controls","Without proper governance, unauthorized AI bots can silently join virtual meetings and harvest sensitive business conversations, credentials, or proprietary information. The core risk lies in the lack of explicit authorization controls for third-party and AI-driven participants in collaboration platforms. Microsoft's update highlights that organizations were previously exposed to privacy and data leakage risks simply by using default platform settings. This matters because modern threat actors increasingly leverage AI bots as passive reconnaissance tools within trusted communication channels.","**Immediate actions:**\n- Enable the new Microsoft Teams admin policy requiring explicit organizer approval before any external bot can join a meeting.\n- Audit all currently authorized bots and third-party app integrations in your Teams environment and revoke any that lack a clear business justification.\n\n**Long-term improvements:**\n- Establish a formal approval and review process for all third-party AI tools and bots before they are permitted in enterprise collaboration platforms.\n- Implement a least-privilege access model for meeting participants, restricting external and automated accounts to only the permissions they absolutely require.\n- Maintain an up-to-date inventory of all approved collaboration integrations and review it on a quarterly basis.\n\n**Detection measures:**\n- Enable logging and monitoring of all bot and external participant activity within Teams to detect 
anomalous or unauthorized join attempts.\n- Configure alerts for any bot or non-human account attempting to join meetings flagged as sensitive or confidential.",[12,13,14,15,16,17,18,19,20,21],"CIS Controls v7 Control 4: Controlled Use of Administrative Privileges","CIS Controls v8 Control 6: Access Control Management","CIS Controls v8 Control 12: Network Infrastructure Management","NIST SP 800-53 AC-2: Account Management","NIST SP 800-53 AC-3: Access Enforcement","NIST SP 800-53 AC-17: Remote Access","NIST SP 800-53 SI-3: Malicious Code Protection","GDPR Article 25: Data Protection by Design and by Default","GDPR Article 32: Security of Processing","ISO\u002FIEC 27001:2013 A.9.4: System and Application Access Control","published","2026-07-01T20:21:23.919734+00:00","2026-07-01T20:21:23.801+00:00",{"id":7,"url":26,"slug":27,"title":28},"https:\u002F\u002Fwww.securityweek.com\u002Fmicrosoft-adds-new-teams-controls-to-block-unauthorized-ai-bots-from-meetings\u002F","microsoft-adds-new-teams-controls-to-block-unauthorized-ai-bots-from-meetings-603917","Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings",[30,36,42],{"id":31,"name":32,"slug":33,"description":34,"color":35},"1ec88fde-2d0f-4ed8-932a-33f5ccc0fdc7","Access Control","access-control","Excessive privileges, missing MFA, weak auth","#f97316",{"id":37,"name":38,"slug":39,"description":40,"color":41},"859cf0ad-a7e9-42bb-a75d-bac6511fa5d5","Configuration Management","configuration-management","Misconfigs, default credentials, exposed services","#eab308",{"id":43,"name":44,"slug":45,"description":46,"color":47},"c8b843a5-d5a7-41d1-8d3b-cabded09d2ef","Data Protection","data-protection","Unencrypted data, missing DLP, poor classification","#3b82f6",[]]