
What Zoom settings should Zoom Owners and Admins apply to secure meetings?

To ensure users conduct secure virtual meetings, Zoom Owners and Admins should set up Zoom with the following recommended settings:

  • Review all settings under Advanced->Security
  • Review all settings under Account Management->Account Settings
    1. Disable “Join before host” by default.
      • If “Join before host” (JBH) is enabled, all scheduled meetings become available to anyone at any time. Someone may discover an open virtual room and use it fraudulently.
    2. Disable “Use Personal Meeting ID (PMI) when scheduling a meeting”.
      • This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
    3. Disable “Use Personal Meeting ID (PMI) when starting an instant meeting”.
      • This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
    4. Enable “Only authenticated users can join meetings”. Hosts will need to disable it at scheduling time for meetings that do not require authentication.
      • If meetings only have authenticated users, there is a reliable audit log of the genuine participants who joined.
      • This will help to prevent Zoombombing; authenticated students can be audited if the acceptable use policy is breached.
    5. Enable and enforce (padlocked) “Require a password when scheduling new meetings”.
      • Requiring a password stops people from discovering an open virtual room, entering it and using it fraudulently.
      • This will help to prevent Zoombombing.
    6. Enable and enforce (padlocked) “Require a password for instant meetings”.
      • Requiring a password stops people from discovering an open virtual room, entering it and using it fraudulently.
      • This will help to prevent Zoombombing.
    7. Enable and enforce (padlocked) “Require a password for Personal Meeting ID (PMI).” 
      • For “All meetings using PMI”. WARNING: consider the impact to your users as there are many users using PMI for daily and scheduled future meetings.
      • Requiring a password stops people from discovering an open virtual room, entering it and using it fraudulently.
      • This will help to prevent Zoombombing.
    8. Enable “Embed password in meeting link for one-click join”
      • Requiring a password stops people from discovering an open virtual room, entering it and using it fraudulently.
      • This will help to prevent Zoombombing.
    9. Enable and enforce (padlocked) “Require password for participants joining by phone”
      • Requiring a password stops people from discovering an open virtual room, entering it and using it fraudulently.
    10. Enable “Bypass the password when joining meetings from meeting list”
    11. Enable and enforce (padlocked) “Mute participants upon entry”
      • This will help to prevent noisy participants from disrupting the meeting.
    12. Enable “Play sound when participants join or leave”.
      • This will help to create awareness of participants in meetings.
    13. Enable and enforce (padlocked) “Screen Sharing”, with sharing set to “Host Only”.
      • This will help to prevent Zoombombing by screen sharing.
    14. Disable “Allow removed participants to rejoin”.
    15. Enable “Waiting Room”
      • Host can admit permitted participants.
      • This will help to prevent Zoombombing.
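
The checklist above can be turned into a drift check that an admin runs against a record of the account's current settings. This is an added example, not Zoom's own code: the setting keys and the export shape (`value` plus `locked`) are hypothetical labels chosen for this sketch, not Zoom API field names, and the sample data is constructed.

```python
# Baseline from the checklist above: key -> (required value, must be padlocked).
# Key names are hypothetical labels for this example, not Zoom API field names.
BASELINE = {
    "join_before_host": (False, False),
    "pmi_for_scheduled_meetings": (False, False),
    "pmi_for_instant_meetings": (False, False),
    "authenticated_users_only": (True, False),
    "password_scheduled_meetings": (True, True),
    "password_instant_meetings": (True, True),
    "password_pmi_meetings": ("all", True),       # "All meetings using PMI"
    "embed_password_in_link": (True, False),
    "password_phone_participants": (True, True),
    "bypass_password_from_meeting_list": (True, False),
    "mute_upon_entry": (True, True),
    "sound_on_join_leave": (True, False),
    "screen_sharing": ("host_only", True),
    "removed_participants_can_rejoin": (False, False),
    "waiting_room": (True, False),
}

def audit(settings):
    """Return (key, problem) pairs, in checklist order, for every deviation."""
    findings = []
    for key, (want, must_lock) in BASELINE.items():
        entry = settings.get(key)
        if entry is None:
            findings.append((key, "missing from export"))
        elif entry.get("value") != want:
            findings.append((key, f"value is {entry.get('value')!r}, expected {want!r}"))
        elif must_lock and not entry.get("locked", False):
            # Right default, but users can still change it for their own meetings.
            findings.append((key, "correct value but not locked; users can override it"))
    return findings

def sample_export():
    """Constructed sample: a compliant account with three deliberate deviations."""
    export = {k: {"value": v, "locked": lock} for k, (v, lock) in BASELINE.items()}
    export["join_before_host"]["value"] = True            # item 1 reverted
    export["password_instant_meetings"]["locked"] = False  # item 6 not padlocked
    del export["waiting_room"]                             # item 15 not recorded
    return export

if __name__ == "__main__":
    for key, problem in audit(sample_export()):
        print(f"{key}: {problem}")
```

Treating "enabled but not padlocked" as a finding matters for items 5, 6, 7, 9, 11 and 13, where the checklist asks for the setting to be enforced and not just switched on.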

In addition, it is also very important for your organisation to:

  • Have a safe use/acceptable use policy for appropriate use of information technology.
  • Keep the Zoom software and devices updated. Find out more about updates