Email OTP Verification for External Users to Join Teams Meetings

Microsoft Teams meetings play a key role in business communication, especially as hybrid work and external collaboration continue to grow. However, external participants can currently join Teams meetings as unverified users without a Microsoft account. If the invitation link is shared or leaked, it may allow anonymous users to join, posing risks of data leaks and security breaches.

To address this, Microsoft is introducing a new meeting option that requires external participants to verify their email addresses before joining Teams meetings, as per news MC953756. This update enhances security by ensuring that only authenticated users can access Teams meetings. In this blog, we’ll explore how this feature safeguards your meetings.

Microsoft Teams enables external participants to verify their email addresses using a one-time passcode (OTP) to access meetings with this update. This new feature empowers admins to restrict access, ensuring only verified users can attend and participate in Teams meetings securely.

Currently, the admin uses the “Anonymous users can join a meeting” option in the admin center to manage anonymous user participation in Teams meetings. By default, this setting is turned on, allowing external participants to join meetings without any verification. However, turning off this setting blocks users without a Microsoft Account (MSA) or a Microsoft Entra account from joining the meeting.

With the introduction of the new meeting option called “Anonymous users can join a meeting after verifying by email code,” admins and meeting organizers now have the option to control the joining of external participants. Instead of simply allowing or disallowing external attendees, admins can force the external users to verify their email with OTP before joining the meeting. This new feature enhances security by blocking bots and anonymous users from attending Teams meetings.

The rollout of this new meeting option is scheduled to begin in mid-January 2024 and is expected to complete by late January 2025 for the targeted release. General availability is planned to start in late March 2025 and finish by early April 2025.

Note: This feature is only available to Teams Premium users.

To enable the email OTP verification feature for external participants, follow the steps below.

1. Sign in to the Microsoft Teams admin center.
2. Open the Meetings dropdown, select Meeting policies.
3. Select an existing meeting policy or create a new one and then go to the Meeting join & lobby section.
4. You have a new meeting policy labeled Anonymous users can join a meeting after verifying with the option ‘By email code’.

When admins enable both meeting policies, they provide meeting organizers with the option to require email verification. Organizers can then decide whether to enable email verification using the new meeting option, ‘Require unverified participants to verify their info before joining‘.

This option can be found in the Meeting options under the Recording & transcription section when scheduling a meeting. By default, this option is set to off which means unknown participants can join without verification.

If the organizer turns on this toggle, external users need to verify their identity before entering the meeting. This typically involves verifying their email address with a code sent to their email address.

Consider a scenario where the organizer has enabled the ‘Require unverified participants to verify their info before joining‘ option. When an external participant joins the meeting using an invitation, they must authenticate their identity before entering the Teams meeting.

They can authenticate using the credentials of a Microsoft work account, school account, or personal account. For participants without any of these accounts, verification can be completed by entering their email addresses and receiving a one-time passcode.

If the meeting organizer has disabled the verification setting, external participants can join without verification and will be considered unverified attendees.

How Lobby bypass Work for Email OTP Verification Feature?

External participants can either join the meeting directly or wait in the lobby until the organizer grants them access. This behavior depends on the lobby bypass settings configured by admins and organizer in the meeting policy.

If external users have verified the email address to which the meeting invitation was sent, they can join the meeting directly. This is allowed when your lobby bypass settings permit invited participants. When external participants verify their identity using an email address different from the one the meeting invitation was sent to, they will be placed in the lobby with an ‘Email verified‘ tag.

The email address used for verification will appear on their profile card in the lobby, meeting roster, and meeting chat. They must wait for the organizer’s approval to join the meeting.

• Ease of Access: Through email OTP verification, external users can join the Teams meeting with their existing email. They do not need to create a new account and this makes external collaboration easier.
• Authorized External User: When external participants sign up for a Teams meeting, OTPs can be used to verify their email addresses. This ensures the provided contact information is valid and belongs to that specific user. It prevents anonymous users and Teams bots from joining the meeting.
• Enhanced Security and Trust: Only external participants with verified email addresses can join the meeting with this new feature. This ensures all attendees are authenticated and make it easier for organizers to manage external access in Teams.
• Enhanced Engagement: Collecting attendee information during Microsoft Teams meetings enables organizer to monitor and view meetings attended by specific users and allows organizers to personalize follow-ups. Additionally, sharing sensitive documents with external participants via verified email addresses ensures secure collaboration and access control.

I hope this blog helps you to understand the upcoming Microsoft Teams external participant verification feature. It enhances security in Teams meetings while giving you greater control over external collaboration. Share your thoughts on this feature, and feel free to leave any questions in the comments below!