Differences when advanced chat encryption is enabled and disabled
If advanced chat encryption is enabled:
- Participants’ devices generate and operate encryption keys.
- Transcripts are encrypted with TLS.
When advanced chat encryption is disabled:
- Data at rest: Chat content is encrypted by keys generated and operated on our AWS server with AWS KMS.
- Data in transit: Chat is encrypted in transit using TLS
Limitations after enabling advanced chat encryption
After you enable advanced chat encryption, users and admins can’t use these chat features:
- cannot send animated GIFs
- Files/images can be viewed in the right-side panel (click the info icon to display this panel).
- Send messages and edit them.
- Chat notifications show previews of messages.
- Mark messages for future reference.
- Look up past conversations.
- View links to previous chats.
Admins can enable link previews by default, but they are disabled by default.
- Admins can view chat history by default.
However, they can also view:
- Metadata such as chat participants, file names, sizes, and date/time of messages
- as well as their reactions
- received from external accounts if advanced chat encryption is disabled
**Note: Link previews and chat history search are supported if using version 5.8.0 or higher for Windows, macOS, Android, and iOS.
Enabling advanced chat encryption
IM groups have merged with Groups if you signed up for a new Zoom account after August 21, 2021; or if the New Admin Experience is enabled on your account. Get help setting up groups.
To enable the advanced chat encryption for all members of your organization:
- Access the Zoom web portal.
- Under Account Management, click IM Management (in the navigation panel).
- Click IM Settings.
- Check that Advanced Chat Encryption is enabled.
Toggle it on if it is disabled. Select Turn On from the verification dialog box.
- Enabling link previews is optional if advanced chat encryption is enabled.
Users who send and receive links in chat messages will be shown link previews if the option is enabled. Senders and recipients will be able to preview the link in the sender’s message before it is encrypted. This link preview feature detects only URLs that begin with http:// or https:// and end with a non-empty space. By default, this feature is disabled.
Using encrypted chat
When advanced chat encryption is enabled in Zoom desktop and mobile apps, a lock icon will appear to indicate that the chat is encrypted.
Zoom users will not be able to see the encrypted chat until they have opened it. When a person receives an encrypted chat on their phone, they will receive a notification (including the one on their lock screen).
Troubleshooting failures to decrypt messages
A sent message may not be able to be decrypted and viewed when Advanced Chat Encryption is used. This typically occurs because the two users cannot share the key to decrypt the message because they are not connected simultaneously. The key is automatically shared between the users when they are online, and the message is decrypted.
It is possible for the key used to encrypt messages to be lost when a user clears their chat messages or uninstalls the Zoom client before receiving and viewing those messages. As a result, neither device has the key to decrypt the sent message, so it cannot be decrypted.