Requiring media encryption for SIP/H.323

Account owners and admins can require media channel encryption for SIP/H.323 devices joining Zoom meetings, which provides partial encryption for the SIP/H.323 device's connection. Media channel encryption will also need to be enabled on these devices when joining your Zoom meeting or they will receive an error and be unable to join.

If the meeting is only partially encrypted, due to connections such as phone dial-in, SIP/H.323 devices, or streaming via RTMP, meeting participants on supported devices will see a warning icon to indicate partially encrypted connections.

Note: If end-to-end encryption (E2EE) is enabled for a Zoom meeting, it requires meeting participants to join from the Zoom desktop app, mobile app, or Zoom Rooms (and limits some features). SIP/H.323 participants will not be able to join the meeting, even if media encryption for SIP/H.323 devices is enabled, because SIP/H.323 encryption is not capable of meeting the requirements for an E2EE meeting. 

This article covers:

Prerequisites for SIP/H.323 media channel encryption

Enable SIP/H.323 media channel encryption

View the partially encrypted connections warning

How to use the partially encrypted meeting warning

When you are in a Zoom meeting, you will see a shield icon with a check mark  indicating that the meeting is encrypted. However, if any endpoints which cannot use encryption (or can only be partially encrypted) join the meeting, you will see an orange shield icon with an exclamation point instead. If you see a shield with a lock icon , that means the meeting is using end-to-end encryption.

You can also view details of unencrypted or partially encrypted connections by clicking the shield icon, then clicking Exceptions next to Encryption. This will list any unencrypted or partially encrypted connections.

Additionally, the orange shield icon with an exclamation point is displayed if media and signaling are not encrypted, or there are issues validating the TLS certificate:

 
Icon shown in meetingIcon descriptionMedia encryptedSignaling encryptedTLS certificate valid
Green shield with check markEnabledEnabledEnabled
Orange shield with exclamation pointEnabledEnabledDisabled
Orange shield with exclamation pointEnabledDisabledDisabled
Orange shield with exclamation pointDisabledDisabledDisabled

Note: The H.323 protocol does not support encrypted call signaling, so H.323 devices will always have an orange shield icon even though the media channels may be encrypted.

How to enable or disable the SIP/H.323 media channel encryption

Account

To enable or disable Require media encryption for 3rd party endpoints (SIP/H.323) for all users in the account:
  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Click the Meeting tab.
  4. Under In Meeting (Basic), click the Require media encryption for 3rd party endpoints (SIP/H.323) toggle to enable or disable it.
  5. If a verification dialog appears, click Enable or Disable to verify the change.
  6. (Optional) To prevent all users in your account from changing this setting, click the lock icon , and then click Lock to confirm the setting.

Group

To enable or disable Require media encryption for 3rd party endpoints (SIP/H.323) for a group of users:
  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation menu, click User Management then Groups.
  3. Click the applicable group name from the list.
  4. Click the Meeting tab.
  5. Under In Meeting (Basic), click the Require media encryption for 3rd party endpoints (SIP/H.323) toggle to enable or disable it.
    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  6. If a verification dialog appears, click Enable or Disable to verify the change.
  7. (Optional) To prevent all users in the group from changing this setting, click the lock icon , and then click Lock to confirm the setting.

User

To enable disable Require media encryption for 3rd party endpoints (SIP/H.323) for your own use:
  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Settings.
  3. Click the Meeting tab.
  4. Under In Meeting (Basic), click the Require media encryption for 3rd party endpoints (SIP/H.323) toggle to enable or disable it.
    Note: If the option is grayed out, it has been locked at either the group or account level. You need to contact your Zoom admin.
  5. If a verification dialog appears, click Enable or Disable to verify the change.