Mass-deploying with preconfigured settings for iOS in zoom app
The Zoom mobile app can be remotely configured by system administrators using a mobile device management (MDM) application on iOS devices that are managed by the system. Administrators can make sure that certain settings are used or disabled altogether in this way.
As part of Zoom Device Management, you can enroll the mobile app and manage its settings from the Zoom web portal, which gives you the ability to control desktop client and mobile app settings centrally from the Zoom web portal.
Learn how to install Zoom on a variety of devices including Windows, Mac OS, and Android devices using pre-configured settings. It is also possible to centrally manage the settings for Zoom’s desktop client and mobile applications using Zoom’s own Device Management platform.
Prerequisites for using MDM to configure Zoom on iOS
-
A device that runs iOS 4 or a later version of iOS
-
Software like AirWatch and Microsoft Intune are examples of enterprise mobility management (EMM) software
Note: However, if an App Protection Policy is not deployed along with the Zoom app, then users will be prompted to login to their Intune accounts every time they launch the Zoom app, regardless of whether it is required or not. The next time the user launches the app, he or she will be prompted to sign in with their Microsoft credentials, but by adding the App Protection Policy, further authentication prompts from the Intune service will not be needed.
Configuration options
Configuration key | Description | Value type |
---|---|---|
Install and update | ||
SetEnrollToken4CloudMDM | Enroll your device into Zoom Device Management with a token provided from the web portal. | String |
Section text 1 | ||
DisableCertPin | Disable Certificate Pinning. | Boolean |
EnableIndependentDataPort | If enabled, the client will use the following ports for media transmission: | Boolean |
Audio: 8803 | ||
Screen share: 8802 | ||
Video: 8801 | ||
BandwidthLimitDown | Set maximum receiving bandwidth for the desktop client. | String |
Note: If bandwidth is restricted through web settings, the web restrictions override restrictions set in the client. | ||
BandwidthLimitUp | Set maximum sending bandwidth for the desktop client. | String |
Note: If bandwidth is restricted through web settings, the web restrictions override restrictions set in the client. | ||
Authentication | ||
mandatory:EnableAppleLogin | Allow access to Apple login option. | Boolean |
ForceLoginWithSSO | Defaults login to SSO. | Boolean |
EnableCloudSwitch | Enable the option to switch between Zoom commercial (default) and Zoom for Gov. | Boolean |
mandatory:EnableAliPayLogin | Enables login with Alipay authentication. (A) | Boolean |
mandatory:EnablePhoneLogin | Enables login with phone authentication. (A) | Boolean |
mandatory:EnableWeChatLogin | Enables login with WeChat authentication. (A) | Boolean |
DisableAutoLaunchSSO | Prevent Zoom from automatically launching the previously used SSO URL. This is useful for users with multiple accounts, each having their own SSO URL. | Boolean |
DisableLoginWithEmail | Remove Email login option. | Boolean |
DisableFacebookLogin | Remove Facebook login option. | Boolean |
DisableGoogleLogin | Remove Google login option. | Boolean |
DisableLoginWithSSO | Remove SSO login option. | Boolean |
EnforceAppSignInToJoin | Require authentication on the desktop client to join any meeting on the desktop client. | Boolean |
EnforceAppSignInToJoinForWebinar | Require authentication on the mobile app to join any webinar. | Boolean |
SetDevicePolicyToken | Require internal meeting authentication. (C) | String |
EnforceLoginWithMicrosoft | Require login with Microsoft authentication. | |
EnforceSignInToJoin | Require users to be authenticated before joining a meeting with the desktop client. Authentication can take place through the the web portal, if joining through join URL. | Boolean |
EnforceSignInToJoinForWebinar | Require users to be authenticated before joining a webinar with the mobile app. Authentication can take place through the the web portal, if joining through join URL. | Boolean |
SetAccountIDsRestrictedToJoin | Restrict the client to only join meetings hosted by the specified account IDs. (B) | String |
ForceSSOURL | Set and lock the default SSO URL for SSO login. | String |
For example, hooli.zoom.us would be set as "ForceSSOUrl=hooli". | ||
SetSSOURL | Set the default SSO URL for SSO login. | String |
For example, hooli.zoom.us would be set as "SetSSOURL=hooli". | ||
SetEmailDomainsRestrictedToLogin | Set the email address domain that users can login with, each separated by "&". | String |
Example: zoom.us & hooli.com | ||
EnableEmbedBrowserForSSO | Use embedded browser in the client for SSO. | Boolean |
General meeting and client options | ||
DisableBroadcastBOMessage | Disable the ability for the host to broadcast a message to all open breakout rooms. | Boolean |
DisableClosedCaptioning | Disable the use of all closed captioning. | Boolean |
DisableMeetingReactions | Disable the use of Meeting reactions. | Boolean |
DisableNonVerbalFeedback | Disable the use of Non-verbal feedback. | Boolean |
DisableQnA | Disable the use of Q&A in webinars. | Boolean |
DisableWebinarReactions | Disable the use of Webinar Reactions. | Boolean |
MeetingReminder | Display reminder notifications for upcoming meetings. | Boolean |
AlwaysShowMeetingControls | Set use of Always show meeting controls setting. | Boolean |
Video | ||
TurnOffVideoCameraOnJoin | Automatically turn off camera when joining a meeting. | Boolean |
DisableReceiveVideo | Disable receiving video. | Boolean |
DisableVideoCamera | Disable sending video. | Boolean |
EnableFaceBeauty | Enable Touch up my appearance. | Boolean |
SetFaceBeautyValue | Used in conjunction with EnableFaceBeauty, this allows you to set the exact intensity of the Touch up my appearance filter. | String |
Audio | ||
AutoJoinVOIP | Automatically connect audio with computer audio when joining a meeting. | Boolean |
DisableComputerAudio | Disable and remove the Computer Audio from the meeting audio options. | Boolean |
Screen sharing | ||
EnableBlurSnapshot | Blur the view of other apps when switching between apps during screen share. | Boolean |
DisableWhiteBoard | Disable Classic Whiteboard feature. | Boolean |
DisableInMeetingWhiteBoard | Disable the Zoom Whiteboard feature in meetings and webinars. | Boolean |
DisableShareScreen | Disable the ability to share your screen in meetings and webinars. | Boolean |
Note: This does not disable incoming screen sharing from other participants. | ||
DisableDesktopShare | Disable the option to share your desktop when screen sharing. | Boolean |
In-meeting Chat | ||
DisableMeetingChat | Disable in-meeting chat. | Boolean |
Zoom Apps | ||
DisableZoomApps | Hide the Zoom Apps button. | Boolean |
Background and Filters | ||
DisableVideoFilters | Disable Video filters feature. | Boolean |
DisableVirtualBkgnd | Disable Virtual Background feature. | Boolean |
EnableAutoReverseVirtualBkgnd | Require post-meeting virtual background auto-reversal. | Boolean |
Recording | ||
DisableCloudRecording | Disable recording to the cloud. | Boolean |
Zoom Room and Room System calling | ||
DisableDirectShare | Disable direct share with Zoom Rooms option. | Boolean |
NeedCallARoom | Display the Call Room System button on the home screen of the desktop client. | Boolean |
Zoom Chat | ||
DisableLinkPreviewInChat | Disable link previews. | Boolean |
SetMessengerDoNotDropThread | Move messages with new replies to the bottom of the chat/channel. | Boolean |
MuteIMNotificationWhenInMeeting | Mute chat system notifications when in a meeting. | Boolean |
PlaySoundForIMMessage | Play audio notifications when an IM message is received. | Boolean |
Miscellaneous | ||
SyncMeetingFromCalendar | Controls the Sync Zoom Meetings From Calendars setting in the mobile app. | Boolean |
EmbedDeviceTag | Embed a specified device tag string for all HTTP requests from Zoom client application. This string will be appended to the head of the regular HTTP requests. | String |
Intercloud Policies | ||
Intercloud_DisableAllFeatures | Disables all features except for audio and video for meetings hosted on the ZfG cloud. | Boolean |
Intercloud_DisableShareScreen | Disables the local ability to share screen on meetings hosted on the ZfG Cloud. | Boolean |
This does not affect others' ability to shared content. | ||
Intercloud_DisableMeetingChat | Disables the use of in-meeting chat on meetings hosted on the ZfG Cloud. | Boolean |
Intercloud_DisableMeetingReactions | Disables the use of meeting reactions on meetings hosted on the ZfG Cloud. | Boolean |
OverrideEnforceSigninIntercloud | Override the EnforceSignInToJoin policy and allows a user to join a Zoom meeting hosted on the ZfG Cloud, without the need to authenticate. | Boolean |
Intercloud_DisableClosedCaptioning | Disabled by default, this option disables the use of captioning features on meetings hosted on the ZfG Cloud. | Boolean |
Intercloud_DisableComputerAudio | Disabled by default, this option disables the use of computer audio for connecting to meetings hosted on the ZfG Cloud. | Boolean |
Intercloud_DisableMeetingPolls | Disabled by default, this option disables the use of polling in meetings hosted on the ZfG Cloud. | Boolean |
Intercloud_DisableWhiteBoard | Disables the use of in-meeting whiteboarding on meetings hosted on the ZfG Cloud. | Boolean |
Notes:
-
(A) Only devices in the region of China are able to take advantage of these options.
-
(B) A request should be sent to Zoom Support by a Zoom account owner or admin if you wish to acquire your account ID.
-
(C) You will need to have an account owner or admin submit a request to Zoom Support before this feature can be enabled for your account. In order to be able to view and edit the device policy management, a role must also be edited by the owner. On the Device Policy Management page, you will be able to retrieve the token that you require.
-
In order to make the configuration option mandatory for all users, you need to use the prefix “mandatory:” followed by the key name. The Zoom feature will not be available on iOS devices when it comes to allowing users to change the options.
Sample XML for Intune
<dict> <key>ForceLoginWithSSO</key> <integer>1</integer> <key>SetSSOURL</key> <string>success</string> <key>MeetingReminder</key> <integer>1</integer> <key>mandatory:SyncMeetingFromCalendar</key> <integer>0</integer> <key>mandatory:TurnOffVideoCameraOnJoin</key> <integer>0</integer> </dict>
Sample XML for AirWatch
<managedAppConfiguration> <version>1.2.10</version> <bundleId>us.zoom.videomeetings</bundleId> <dict> <integer keyName="ForceLoginWithSSO"> <defaultValue> <value>1</value> </defaultValue> </integer> <string keyName="SetSSOURL"> <defaultValue> <value>success</value> </defaultValue> </string> <integer keyName="MeetingReminder"> <defaultValue> <value>1</value> </defaultValue> </integer> <integer keyName="mandatory:SyncMeetingFromCalendar"> <defaultValue> <value>0</value> </defaultValue> </integer> <integer keyName="mandatory:TurnOffVideoCameraOnJoin"> <defaultValue> <value>0</value> </defaultValue> </integer> </dict> </managedAppConfiguration>
How to configure Intune?
How to install Intune Company Portal on users’ devices
-
It is possible for your users to use the Intune Company Portal on their mobile devices by installing the app.
-
If you would like your users to manage their devices through the Company Portal app, you should instruct them to sign in to the app and follow the instructions provided in the app.
-
If your users are using the Intune Company Portal to access the Zoom app, you can instruct them to install Zoom.
How to apply a configuration policy
-
Enter your Microsoft 365 Device Management account information and sign in to the dashboard.
-
Click Client apps on the left hand navigation menu, then click App configuration policies on the right hand navigation menu
- Click Add and enter the following information:
-
-
Name: If you would like to display the configuration under a different name, then enter it here.
-
Description: Describe the configuration in as much detail as possible so that it can be identified.
-
Device enrollment type: Make sure that Managed devices are selected.
-
Platform: Click on the iOS option.
-
Associated app: The app store for Zoom Cloud Meetings can be found here.
-
-
- To configure the settings, click the Configuration tab.
- Choose Enter XML Data from the Format drop-down menu of the Configuration settings.
- Set the configuration options by using the text box provided.
- Then click the OK button.
Note: However, if an App Protection Policy is not deployed along with the Zoom app, then users will be prompted to login to their Intune accounts every time they launch the Zoom app, regardless of whether it is required or not. The first time the app is launched, a user will need to sign in with their Microsoft credentials, but by adding the App Protection Policy, the user will not have to enter their credentials again for the next few sessions.
How to assign configuration policy to a group
-
In the left-hand panel, click the Assignments button.
-
Select the groups that you want to include by clicking on Select groups.
-
In order to add a group to the selected list, you will have to search for the group that you would like to apply the policy to and click the group name.
-
Please click on the Select button.
-
Once you have selected the groups that you want to apply the policy to, click Save to complete the process.
The configuration may take a few minutes for all devices in the network to be updated with the new configuration.