ZDM for Zoom desktop and mobile clients
With Zoom Device Management expanding today, administrators can configure client behavior for Zoom desktop and mobile clients. As soon as these policies are applied, their effects will always be the same, regardless of the logged-in user’s identity. MSI/GPO and other similar processes are required for the distribution and application of these settings. Client groups can be applied client policies through the Zoom web portal using Zoom Device Management (ZDM) functionality. In addition to Windows, macOS, Linux, iOS, and Android, ZDM also supports policy management on iOS.
Notes:
-
The list of your managed Zoom clients will appear after you enroll your devices.
-
User settings are not impacted by ZDM settings applied to devices and clients.
Prerequisites for Zoom Device Management for Zoom desktop and mobile clients
-
Accounts for enterprises
-
Ownership or admin rights on an account
-
Client for Zoom on the desktop
-
You must have Windows 5.8.3 or higher
-
A macOS version of at least 5.8.3 is required
-
A minimum of 5.8.3 is required for Linux
-
-
Client for Zoom on mobile devices
-
A minimum of 5.8.3 is required for Android
-
A minimum of iOS 5.8.3 is required
-
-
You can enable the desktop and mobile ZDM clients by contacting Zoom Support.
Note: You can expect the feature to be enabled within 3 business days of contacting Zoom Support.
How to create device groups to manage your Zoom desktop and mobile clients
In order to divide your managed devices by groups and apply policies based on the needs of each group or department, you will need to create groups to divide your managed devices. Once the group is created and a token is created, it will be added to the account as soon as possible. In order to enroll your devices into ZDM, you will need to create at least one group in order to get started.
Note: You can access your enrollment token by following the instructions in the section How to access an enrollment token.
-
If you are an administrator, you will need to sign in to Zoom’s web portal.
-
You can access the Device Management section by clicking the Device List link in the navigation menu.
-
Click the + Add Group button on the Groups tab on the left side of the screen.
-
The name of the group should be entered in the Group Name box.
-
If you wish to add a description to the group, you can do so in the Description box.
-
Then click the Finish button.
-
For the creation of additional groups, click Save & Add Another as an option.
How to access the enrollment token to enroll a Zoom desktop and mobile client
The unique token for each group of devices has now been created and you can access it now that you have established your device groups. By deploying this token to the desktop app or mobile app, the device will then be added to the respective device group when deployed to the desktop client or mobile app.
-
If you are an administrator, you will need to sign in to Zoom’s web portal.
-
Click on Device Management from the navigation menu and then click Device List from the list of devices.
-
Select the Groups tab from the left side of the screen, and then click Edit next to the desired group that you want to edit.
-
Go to the Profile tab and click on it.
-
You will need to complete the following steps in the Enrollment section:
-
Click Download enrollment configuration file if you are enrolling devices that are running Windows or macOS.
-
The token generated for a group cannot be copied, so if you are enrolling devices that run operating systems other than Windows® or macOS®, select Copy adjacent to the token that is generated.
Notes:-
Your clipboard will be saved with the token once you click on it.
-
If you prefer to copy and paste the token manually rather than using the clipboard, you can do so by selecting the token manually.
-
-
How to deploy the enrollment token
It’s time for you to deploy your enrollment token to your managed installations now that you have generated the enrollment token. The enrollment token is set using the SetEnrollToken4CloudMDM Key, which will be used to set the enrollment token. Depending on the operating system you are using, you may be able to refer to the following examples:
Deploying the enrollment token on Windows devices
If you have downloaded an enrollment configuration file, you can push it to your MSI/GPO process about how to enroll your devices. If you wish to copy a token to a key, the following are some examples:
Using MSI
The procedure for deploying an MSI would be as follows, with the replacement of <Token> with the one you generated:
A msiexec /i ZoomInstallerFull.msi program will be installed when the ZConfig parameter is set to the following:
Note: The article below contains more information about the deployment of Microsoft Installer (MSI) for Windows that is available for users. The article can be found by clicking the link provided below.
Using GPO
The following would be an example of a simple GPO deployment, where you would replace <Token> with the one you generated:
“SetEnrollToken4CloudMDM”=”<Token>”
The key and value for this configuration key shall be set in the configuration file which can be found here:
I found the following key: HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Zoom/Zoom Meetings/General in the registry
Note: You can find more details about GPO deployment in the support article Group Policy options for Windows which contains more detailed information.
Deploying the enrollment token on macOS devices using PLIST
In order to install your plist, you would need to follow the steps below, replacing <Token> with the one you generated:
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>SetEnrollToken4CloudMDM</key>
<string><Token></string>
</dict>
</plist>
Note: The mass installation for macOS support article is a great resource for more information about PLIST deployment for macOS users.
Deploying the enrollment token on Linux devices using config file
The deployment would be as simple as this: replace the token you generated with the token you used during installation.
EnrollToken4CloudMDM=”<Token>”
You would set these configuration keys and values in the configuration file located here:
~/.config/zoomus.conf
Deploying the enrollment token on Android devices using MDM
Using AirWatch, Intune, or Google Workspace, Zoom can be deployed to managed devices within an organization that are managed by these services. It is likely that you will use either of the two methods to deploy this device/group of devices, but one configuration key will need to be set as mandatory:SetEnrollToken4CloudMDM, with the configuration value being the token you created for the device.
If you would like to deploy through Microsoft Intune, here is an example XML and you will need to replace <Token> with the one you generated:
<dict>
<key>SetEnrollToken4CloudMDM</key>
<string><Token></string>
</dict>
Note: You can refer to the MDM for Android support article for more detailed information regarding MDM deployment for Android.
Deploying the enrollment token on iOS devices using MDM
Zoom App for iOS devices can be deployed via AirWatch and Intune to devices that are managed by a company. You will need to set a configuration key as SetEnrollToken4CloudMDM in order to add your device/group of devices to the cloud MDM, and the configuration value will be the token that you created for this device/group of devices.
It would be helpful if someone could provide an example XML file for deploying through AirWatch, as follows, substituting the token you generated with the following:
<managedAppConfiguration>
<version>1.2.10</version>
<bundleId>us.zoom.videomeetings</bundleId>
<dict>
<string keyName=”SetEnrollToken4CloudMDM”>
<defaultValue>
<value><Token></value>
</defaultValue>
</string>
</dict>
</managedAppConfiguration>
Note: I suggest you refer to the support article on MDM for iOS if you would like more detailed information about MDM deployment for Android.
How to unenroll a device from ZDM
There is no limit to the number of times that the device can be disenrolled from ZDM after it is enrolled.
-
You should first clear the token value set by SetEnrollToken4CloudMDM that has been deployed by MSI/GPO/PLIST/MDM so that the token is no longer valid.
-
Make sure that you are logged in as an administrator on the Zoom web portal.
-
Click on Device Management from the navigation menu and then click Device List from the list of devices.
-
Click on the empty box to the left of the device you wish to unenroll, and then you should be able to select it.
-
You can easily unenroll from ZDM by clicking on the ellipsis button on top-right of the device list.
How to delete a device group
It is possible to delete a group at any time after it has been created. As soon as a group is deleted, all enrollment tokens associated with that group will be automatically deleted.
Note: You can select as many groups as you wish to delete at once if you wish to delete several groups at the same time.
-
Become a Zoom administrator by logging into the Zoom web portal.
-
You can access the Device List by clicking Device management in the navigation menu.
-
Go to the tab titled Groups and click on it.
-
The easiest way to delete a group is to identify it and click on the empty box to the left of the group you want to delete.
-
You can delete the tab by clicking on the Delete button at the top of the tab.
-
You will see a pop-up window asking you to confirm the deletion by clicking Delete.
How to change group settings for your managed Zoom desktop and mobile clients
Changing group settings for ZDM managed clients can be found under Changing group settings for ZDM managed clients.