About Zoom Security

Written by Daman Grewal on September 29, 2022

Below are some useful links provided by Zoom highlighting recent changes covering end-user data protection, encryption, and the securing of virtual classrooms.

Additionally, see this guide for best Zoom security practices from the California Community Colleges Information Security Center.

Features to Secure Meetings

  • Allow only signed-in users to join: If someone tries to join your meeting and isn’t logged into Zoom with the email they were invited through, they will receive a message that says, “This meeting is for authorized attendees only.” This is useful if you want to allow only signed-in users to attend your meeting and only those from a certain domain — other students at your school or colleagues, for example.
  • Enable the Waiting Room: The Waiting Room is an important feature for securing a Zoom Meeting. Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them to join your meeting.
  • Lock the meeting: It’s always smart to lock your front door, even when you’re inside the house. When you lock a Zoom Meeting that has already started, no new participants can join, even if they have the meeting ID and passcode. Just click the Security icon at the bottom of your Zoom window. In the pop-up, click the button that says Lock Meeting.
  • Avoid using your Personal Meeting ID (PMI): Your PMI is basically one continuous meeting, and you don’t want outsiders crashing your personal virtual space after your designated meeting is over. 
  • Report a user: Hosts can report users to Zoom’s Trust & Safety team, who will review any potential misuse of the platform and take appropriate action. Find this option within our Security icon or under the green shield icon in the top left corner of your meeting, where you can attach screenshots and other documentation as needed.
  • End-to-End Encryption (E2EE): Account owners and admins can enable end-to-end encryption for meetings, providing additional protection when needed. Enabling end-to-end encryption for meetings disables certain features and requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.
  • Remove unwanted or disruptive participants: You can remove someone from your meeting by using the Security Icon or Participants menu. On the Participants menu, you can mouse over a participant’s name and several options will appear, including Remove. Click Remove to remove someone from the meeting. When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin in case you boot the wrong person. Hosts can also mute and turn off the video of participants to block unwanted, distracting, or inappropriate noise/gestures from other participants.

Settings to Secure your Account

  • Enable single sign-on (SSO): Single sign-on allows you to log in using your company credentials and is most effective when it is the only form of login. After enabling SSO, it is best practice to disable all other forms of login (e.g., email, social, etc.). This can be accomplished by using a combination of associated domains and editing the security settings of your account.
  • Two-factor Authentication: Two-factor authentication (2FA) is a two-step sign-in process that requires a one-time code from a mobile app or text message in addition to the main Zoom sign-in. Two-factor authentication is a key component of account security and can help protect against account hijacking.

General Best Practices

  • Automatic Updates: Automatic updates for the desktop Zoom client help users easily receive important security fixes and helpful features, improving their overall experience with the Zoom platform. Our automatic updates feature periodically checks Zoom servers to determine whether a new update is available and is enabled by default for most individual users. If you utilize mass deployment packages for Windows (MSI) and macOS (PKG), updates are typically managed by your system administrator, and this user-level feature is disabled by default.
  • Designate a Security Contact: Account owners can assign users (individual or group aliases) within their organization who are not assigned admins or owners to also receive email communications from Zoom’s Security teams. This field can be used to add internal security team members that would like to receive communications about security updates. 
  • Use the right Zoom solution for your need: If you’re planning to use Zoom to host a virtual event with people you may not know, make sure to leverage Zoom Video Webinars or Zoom Events — products designed specifically for digital events. 

Major New Launches

  • Introducing: Zoom Events Networking – Hosts can now allow attendees to discover other participants, connect, and exchange information with each other — all within Zoom Events. Some new features include: People Profiles, Networking Directory, Discovery Tools, and more. Check out our blog for more details on Zoom Events Networking.

Zoom Learning Center Updates

  • Zoom Whiteboard training is here! Explore the exciting new Zoom Whiteboard through Zoom Learning Center’s Welcome to Zoom Whiteboard training. Learn how to access, create, and share whiteboards before, during, and after meetings. Take advantage of the infinite canvas to visualize ideas, workflows, processes, and so much more. Come see all the possibilities of this new tool; enroll in an on-demand course or register for live training today!

Key Highlights from Zoom’s June Releases

Updates to Zoom Web Portal

New and Enhanced Features 

Admin Features

  • Restrict which group can create channels – Account owners and admins can restrict which groups can create public and/or private channels. This setting may impact new and existing groups, and if a user belongs to two or more groups, the most restrictive setting will apply. This setting is only available at the group level and requires client version 5.11.0 or higher; it does not have backward compatibility. Changes will not take effect immediately; users must sign out and sign back in for this change to take effect.
  • Enhancements to Operation Logs – Account owners and admins can review and export an audit log that contains a list of all admin actions. The new actions where an audit happens are any time an admin views personal data and reports, shares recordings, exports data, and manages user activities. This enhancement allows the admin to export this data in the Operations Log. This feature is enabled by default.
  • Allow multiple participants to screen share – Account owners and admins can enable a setting in the Zoom web portal to allow multiple participants to screen share simultaneously during meetings. Previously, hosts could only enable this setting once the meeting had started. This feature must be enabled by Zoom Support or Customer Success. This feature can also apply to Webinars but is not supported in webinars using Backstage. Users must be on client version 5.11.0 to access this feature.
  • Mio Chat Interoperability integration – Account owners and admins can set up the Mio Chat Interoperability integration, which allows Zoom Chat users to chat across platforms with users on Slack, Microsoft Teams, and WebEx. This integration is helpful for communication between users working at the same company but on different platforms or as a solution when migrating from another chat platform to Zoom Chat. This feature must be enabled by Zoom and is currently only available for US customers.

Changes to Existing Features

  • Invite limit added for webinar panelists – The number of panelists that can join a webinar is determined by the host’s meeting capacity. A new limit is introduced for how many people the host can invite as panelists to each session. This limit is set to twice the number of allowed panelists. This does not impact existing invite lists.
  • Cloud recording storage updates – Cloud recording storage limits will be expanded to 5GB per licensed user on Pro and Business accounts. Previously, Pro and Business accounts had 1GB of cloud recording storage per license.

Updates to the Zoom Desktop Client

New and Enhanced Features

General Features

  • View profile cards in meetings for Windows, macOS, Linux, Android, and iOS – If allowed by account admins, users can view other participants’ Zoom profile cards from within a meeting by hovering over View Profile in the video panel. This feature is available at the account level and can be enabled by admins or owners in the web portal. To use this feature, users must have client version 5.11.0 or higher.

Meeting and Webinar Features

  • Set persistent video filters for future meetings for Windows and macOS – Users can choose a video filter, such as color filters, frame, and foreground effects, which can be set and applied to all future meetings. Filters can be adjusted as needed before or during a meeting. 
  • Pre-enable Multiple Participants Share Content for Windows, macOS, and Linux – Hosts can schedule meetings with the “Multiple participants can share simultaneously” option pre-enabled. Contact Zoom Support or Customer Success to have the feature enabled.

Meeting Features

  • Search breakout rooms in Windows, macOS, and Linux – Hosts and co-hosts are able to better manage breakout rooms with the ability to search participants or breakout rooms by name, allowing them to quickly view, assign, or move participants between breakout rooms.

Webinar Features

  • Simultaneous sharing for panelists for Windows, macOS, Linux, Android, and iOS – Webinar attendees can now experience the simultaneous sharing of presentations by panelists (the same functionality that is already available for Zoom Meetings). The webinar attendee can choose which screen to view, such as seeing the content in their language when a presentation is shared in different languages.

Chat Features

  • Share Zoom Whiteboard to Zoom Chat channels for Windows, macOS, Android, and iOS – Zoom Whiteboards created in the web portal or desktop client can be shared to Zoom Chat Channels. This feature is also available for Zoom for Intune Android and iOS.
  • Enhanced deep linking for chat and channels for Windows, macOS, Android, and iOS – Chat messages can be linked to and from private channels, group chats, and 1:1 conversations. Only users with existing access can view the referenced channels, group chats, or messages.
  • Support for restricting channel creation by user groups for Windows, macOS, Linux, Android, and iOS – Admins can restrict at the Group level if users can create their own public or private channels. This can be configured for both new and existing user groups, and admins can change the setting at any time.
  • Support for GIF content rating restrictions for Windows, macOS, Linux, Android, and iOS – Account admins can restrict certain GIF images in Zoom Chat based on GIPHY’s content rating system. Ratings include G, PG, PG-13, and R. This feature is also available in the web portal and requires client version 5.11.0 or higher.
  • Chat folders – Chat folders are now supported on mobile for Android and iOS mobile clients.

Phone Features

  • Call forwarding for Windows, macOS, Linux, Android, and iOS – Phone users can enable/disable Call Forwarding on their client and forward their call to internal extensions, external contacts/numbers, and voicemail, depending on their phone plan and policy. This setting can be set for a time duration if desired.
  • Search common area phones in Contacts for Windows and macOS – Users can search and dial a desk phone from the Zoom client. They can also browse through a list of Zoom Phone Appliance names in the Contacts page under the Zoom Phone Appliances section.

Zoom Apps Features

  • Guest mode for authenticated users for Windows and macOS – Meeting users can access a Zoom App through guest mode, even if they are authenticated in the meeting. This allows users some functionality when collaborating on apps that have not been pre-approved by an admin or installed by them directly while limiting user data that is provided to the app. 

Updates to Zoom Phone

New and Enhanced Features

Admin Features

  • Call waiting – Account owners and admins can choose different options when a user is busy with a call and another call is waiting to be answered by that user. In addition to the default holding/ending/dismissing the call, the setting can be changed to forward the call to voicemail/videomail or another extension/external number/external contact, play a message then disconnect, or play a busy signal.
  • Enhancement to personal voicemail and videomail – Account owners and admins can allow their users to share their voicemails as part of their policy when download is disabled for those users.
  • Enhancement to call and recording logs – Account owners and admins can view call and recording log details to show all participants.
  • Enhancement to call handling – Account owners and admins now have access to more granular options for call handling, forwarding, and overflow. In addition to being able to add external numbers, the call handling settings at the user level allow admins and users to forward the call to external contacts. The overflow settings allow forwarding calls to external numbers in addition to the current settings.

Updates to Zoom Events

New and Enhanced Features

Host Features 

  • Review reported incidents without downloads – When reviewing reported incidents, hosts and chat moderators can view any attached screenshots in the image viewer window without downloading the image. Previously, hosts had to download screenshots to view them.
  • Add or hide marketing opt-in – Under Registration Requirements, hosts can choose to display or hide the optional Marketing Opt-In check box at event registration.

Payment & Billing Features

  • US tax exemptions – When a tax-exempt account in the United States hosts an event, taxes will be excluded from ticket purchases. Zoom Events hubs will recognize and display the Zoom account’s tax-exempt status.

Changes to Existing Features

  • Zoom Events chat navigation – Zoom Events users can participate in any chat using the Chat panel, regardless of where they are in the event. Previously, users could only navigate to and participate in chats in their event area.
  • Co-editors can save and republish events on assigned pages – Co-editors can only save and republish content on pages the host has assigned to them. Hosts can then update the entire event accordingly.
  • Republish button support for expo – Hosts and co-editors (with editing permission) can publish or update expo by using the republish button. This will save and update changes (live) to expo only at the expo level. The republish button will save and publish updated content, which will be visible to attendees.

Updates to Zoom Rooms

New and Enhanced Features 

General Features

Business Updates

  • Zoom Software Lifecycle Policy – We plan to implement our new Software Lifecycle Policy on November 5, 2022, for all products and services, starting with the minimum versions referenced in the table found here. Users running an end-of-life version after November 5 will not be able to join meetings via the Zoom Client and will be prompted to update or join from the Web browser. 
    As always, we highly recommend you regularly download and update to the latest version of Zoom software by checking for updates within the Zoom client or by navigating to zoom.us/download to take advantage of all our latest security and functionality features.
  • Limit Network Bandwidth – With the growth of remote work in areas with varying internet quality, some companies limit the amount of bandwidth allocated for audio and video based on IP range. This option will become available to all accounts in August. This feature is for administrators familiar with network configuration, and the policies are intended for local networks that are known to have limitations at specific locations. Before using this feature, we strongly recommend reaching out to your Zoom Support Team for advice and consultation. Customers should only limit bandwidth in very specific circumstances. Visit our support site to learn more about managing bandwidth limits.
  • Migration from Chrome OS App to Zoom PWA required – As we end support for the Zoom Chrome OS App, we are asking all customers to switch to the Zoom progressive web application (PWA). To prevent disruption, education customers should migrate all users prior to Aug. 1. Account administrators can migrate all users by going to Account Management > Account Settings and then enabling “Auto-launch PWA when joining a meeting on Chrome OS.” The app will no longer be visible in the Google Play Store after Nov. 5, 2022.
  • Upcoming changes to Zoom presence and location – In our upcoming July release, users will be able to indicate whether they are working remotely or in an office. We will also remove the “mobile” indicator from the user presence feature to not differentiate availability based on mobile vs. desktop because our Zoom mobile and desktop clients enjoy rich feature parity.