Managing the Zoom client with BlackBerry UEM
IT administrators can manage and deploy the security policy for managing iOS and Android devices in a company using Zoom for BlackBerry application, which can be used by IT administrators for the management of the mobile devices.
Prerequisites for managing the Zoom client with BlackBerry UEM
-
Management console for BlackBerry Unified Endpoints
-
Custom policies can only be utilized with version 5.11.0 or higher
How to add the Zoom application to UEM
-
You can access the BlackBerry Marketplace by logging into your BlackBerry device.
-
Zoom for BlackBerry can be found by searching for it.
-
The application will appear once you click on it.
-
You can start the trial by clicking the Start Trial button on the app’s page.
How to configure Zoom for BlackBerry for deployment
-
Make sure that you are logged into the BlackBerry UEM server.
-
Click on the Apps tab.
-
Click the Apps option in the drop-down menu.
-
Click Zoom for BlackBerry in the list of apps.
-
Then click on the Settings button.
-
To learn more about BlackBerry Dynamics, click here.
-
A new deployment configuration can be added by clicking the plus (+) button under App configuration.
-
The name of the configuration should be entered in the Name field.
-
In order to deploy your app, you will need to set the desired settings.
-
Then click the Save button.
Settings available within BlackBerry UEM
General
Data Leakage Prevention policies can be set under the General tab of the system, allowing your administrator to disable certain features according to the privacy and security policies that your organization has.
There are several settings that you can choose from:
| Setting | Policy | Default |
|---|---|---|
| Deny access to the camera to the user | The Zoom client is no longer able to access the camera on the device if this option is enabled. | Disabled |
| Photo Gallery access is denied to the user | In the photo gallery app on the device, you will no longer be able to access or share photos through this feature. | Disabled |
| If you use Android, turn off "Share to Zoom Buddies" and if you use iOS, turn off "Zoom" | Zoom clients for Android are able to disable and hide the ability to share data or media from other apps that are integrated with the Zoom client using the share intent features that Android provides. | Disabled |
| The iOS version disables the ability to use Apple's share extension processes in other apps in order to share data with Zoom via these apps. | Disabled |
|
| The pinning of certificates should be disabled | Normally, certificates must be verified against copies of certificates saved in the client, but this is no longer necessary. | Disabled |
Login
A user can modify security settings related to the Zoom application login under the Login tab, which includes enabling or disabling certain features of the Zoom login interface and configuring SSO login domains for the Zoom application.
It is possible to set the following settings:
| Setting | Policy | Default |
|---|---|---|
| Enforce login with SSO | Only allow SSO (Single Sign-On) to be used for logins. | Disabled |
| Disable SSO login | Disables the ability to log in via SSO (Single Sign-On). | Disabled |
| Disable email login | This disables the login process with an email address and a password. | Disabled |
| Disable Facebook login | The Facebook OAuth login method is disabled. | Disabled |
| Disable Google login | Allows you to disable the Google OAuth login process. | Disabled |
| Disable Apple login | The Apple OAuth login feature is disabled. | Disabled |
| While logging in with SSO, embed a web page (iOS only) | The embedded browser will be used by Zoom to login to SSO instead of using the default browser on the device if SSO is enabled. | Disabled |
| For SSO to work, the domain of the company must be enforced | An SSO login domain URL is configured and locked for use when a client logs in to an application (Single Sign-On). | Disabled |
| SSO Login Company Domain | It is possible to set the default SSO login domain for Zoom; for example: ABC or ABC.zoom.us. | Disabled |
| Using the following domains, you will be able to sign in to Zoom | Specifies that only a certain email domain can be used for logging in by the client (separated by "&"); for example, ABC.com & Zoom.us. | Disabled |
Chat
Message behavior can be configured under the Chat tab by setting the default settings to be the default for all users and enforcing them for all users as well.
There are a variety of settings available, including:
| Setting | Policy | Default |
|---|---|---|
| The bottom of the chat should be moved to the bottom of messages with new replies | When a new reply is added to a chat, the messages are automatically moved to the bottom of the chat window. The order in which message threads are displayed will be determined by whether the feature is disabled. | Disabled |
| All users in your account should be required to use the Sort Message setting | The bottom of the chat will be moved with new replies when this option is selected. | Disabled |
Note: It is necessary to select an option under Move messages.., so that this will be applied to your account.
Webview
A user can configure WebView filters to restrict access to approved websites, as well as block specific websites from being displayed using WebView, under the WebView tab.
Note: WebView filter will block all URLs, even if they are not explicitly listed in the block list, if the approved list is empty, even if the WebView filter is enabled and the approved list is empty. Even if the URL is not included in the approved list, but the domain is, the URL will still be able to load as long as it is in the approved list.
It is also possible to enable Android-specific policies in addition to the WebView setting, for example:
| Setting | Policy | Default |
|---|---|---|
| Make sure same-origin policies are enforced | When a corresponding script is included in a web page, the embedded browser allows that script to access the data in another web page if the web pages share the same origin. | Disabled |
| Plugins and JavaScript should be disabled | Web pages in the embedded browser cannot be rendered with JavaScript or Java plugins. | Enabled |
| Disable cache | The embedded browser will no longer cache data. | Enabled |
| Access to local files should be disabled | Removes the device's local file storage ability from the embedded browser. | Enabled |
| Session data and cookies are deleted upon logout | In the embedded browser, session and cookies are deleted after logging out of the client. | Enabled |
Meeting
You can alter the default settings or behaviors of the application while in-meeting or joining a meeting under the Meeting tab. There are a number of settings you can choose from, including:
| Setting | Policy | Default |
|---|---|---|
| Confirm the join with a dialog box | Every time a user opens a link from another app to join a meeting, the join meeting dialog is enabled. | Disabled |
| Joining requires authentication (webinars are not affected) | A user must be logged in to join a meeting. | Disabled |
| Turn off screen sharing | Hides and disables the Share Screen feature. | Disabled |
| Bookmarks should be disabled | Share bookmarks can be disabled and hidden. | Disabled |
| On iOS, you can disable the whiteboard (for all Android devices, but only on iPads) | The feature of sharing whiteboards is disabled and hidden. | Disabled |
| The ability to rename meeting participants should be disabled | Removing the ability of the host to rename participants is disabled and hidden. | Disabled |
| Chat in meetings should be disabled | Chat in meetings is disabled and hidden. | Disabled |
| Cloud recording can be disabled | Turns off cloud recording and hides it. | Disabled |
| Turn off the virtual background | This feature hides and disables the Virtual Background. | Disabled |
| In webinars, disable Q&A | This feature is disabled and hidden in webinars. | Disabled |
| Reminder for meetings (only for iOS) | Reminds of upcoming meetings can be enabled or disabled. | Enabled |
| All users in your account should be required to enable Meeting Reminders | The meeting reminder setting in the client can be enabled, disabled, and locked. | Disabled |
| Calendar sync for Zoom Meetings | The sync feature allows you to check your device's calendar for Zoom meetings. | Enabled |
| (Only for iOS) Sync Zoom meetings with your calendar | Checks your device's calendar for any Zoom meetings and enables the synced calendars setting on iOS devices only. | Enabled |
| Make sure all users in your account are syncing their Zoom meetings with calendars (only for iOS devices) | Checks your calendar for any Zoom meetings, and allows you to enable and lock synced calendars on iOS only. | Disabled |
Note: By default, Zoom Meetings are enabled to be synchronized with the calendar and Zoom Meetings are enabled to be synchronized with the calendar (iOS only).
BlackBerry Dynamics Features (iOS)
You can set the Bypass Unlock Policy under the BlackBerry Dynamics Features (iOS) tab, which will determine whether or not the following call user interface is displayed when an iOS device is locked, when the Bypass Unlock Policy is set to Bypass Unlock. There are a number of menu options included in this package:
-
Screenshot of an incoming call for a meeting
-
The screen that appears in the meeting call
-
Screen for calling out meetings during a meeting
-
Zoom screen for incoming phone calls
-
This is the Zoom screen where you can make a phone call
-
Screenshot of Zoom Phone Calling Out
Note: This setting is enabled by default for all devices that support the Blackberry Dynamic Policy, however, it is dependent upon the Blackberry Dynamic Policy item “Require password after a period of inactivity” being enabled on the device.
BlackBerry Dynamics Features (Android)
It is possible to change the Bypass Unlock Policy, which is under the BlackBerry Dynamics Features (Android) tab, in order to determine whether the following call user interface will be displayed while an Android device is locked when you configure the Bypass Unlock Policy. There are several menus included in this package, including:
-
Call screen for incoming meetings
-
The screen that appears in the meeting call
-
This is a screen that is used to call out meetings
-
Zoom screen for incoming phone calls
-
This is the Zoom screen where you can make a phone call
-
Using Zoom to call out on a phone
Note: Blackberry Dynamic policy item Require password after a period of inactivity can be enabled whether or not this setting is enabled by default for the device. This setting depends on whether the item Require password after a period of inactivity is enabled.
How to create custom policies
Creating custom policies
While it is possible to configure Zoom for BlackBerry settings using the UEM interface, admins will also be able to create custom policies to configure other Zoom Client settings for both Android and iOS. These can be configured using the UEM interface, but they cannot be configured with the UEM interface for the Zoom for BlackBerry app.
In order to create custom policies, you will need to follow the following format:
{
“policies”: [
{
“key”: “[configuration key]”,
“value”: [key value]
}
],
“version”: “[version]”
}
-
Configuration key– In this case, we are configuring a setting.
-
Key value– There is a string, an integer, or a boolean value that represents the value of the setting
-
Version– Keeping track of the policy version is done through version control.
Note: There should be a value of “1.0” set in the Version field.
Notes:
-
A string-based key value should be enclosed within quotation marks (“”) if the type of key is a string variable.
-
A Boolean-based variable does not require quotation marks when the value of the key is a Boolean-based variable.
For instance, if an administrator wanted to set the default URL for SSO to myorganization.zoom.us or if he or she wanted to disable receiving video, then the following policy would be applicable:
{
“policies”: [
{
“key”: “DisableReceiveVideo”,
“value”: 1
},
{
“key”: “SetSSOURL”,
“value”: “myorganization”
}
],
“version”: “1.0”
}
Custom policy setting priorities
The following are the priorities of the settings the client will use if they are going to use both the configuration settings within UEM as well as custom policies:
-
Within the custom policy, it is possible to set settings that are mandatory (using the mandatory: in the key name).
-
A mandatory setting within the App configuration has to be set within the App configuration settings (e.g. enabling or disabling the setting via the UEM GUI).
-
This custom policy is configured as recommended within it (does not use mandatory: in the key name) as well as within the recommended settings.
-
The default settings should be set in accordance with the recommendations within the App configuration settings (for example, by using the UEM GUI to set the default settings for the app).