
The Hidden Security Risk in Microsoft Teams: Detecting AI Note-Taking Bots with KQL

ID: 31e9dba9-de16-5853-a35f-c2a58f9ca29f

STIX ID: report--31e9dba9-de16-5853-a35f-c2a58f9ca29f

Feed Name: Detect FYI

Threat Score: 35/100

Date Published: 2026-05-14

Date Updated: 2026-05-14

Author: Bi Yue Xu


This report details a security and privacy gap in which third-party AI note-taking bots can join Microsoft Teams meetings via calendar integrations and capture conversations outside the organization. It provides Microsoft Defender Advanced Hunting KQL queries to detect MeetingParticipantDetail events (participants admitted from the lobby) and to identify likely AI bots and the user who admitted them. It recommends mitigations such as blocking known bots, monitoring admissions, and user education, and notes event ingestion delays.
