Managing the Zoom client with BlackBerry UEM

With the Zoom for BlackBerry application, IT administrators for an organization can manage and deploy the security policy to manage iOS and Android devices.

This article covers:

Prerequisites for managing the Zoom client with BlackBerry UEM

How to add the Zoom application to UEM

  1. Log into BlackBerry Marketplace.
  2. Search for Zoom for BlackBerry.
  3. Click on the application.
  4. On the app page, click Start Trial.

How to configure Zoom for BlackBerry for deployment

  1. Log into your BlackBerry UEM server.
  2. Click Apps.
  3. In the dropdown, click Apps.
  4. In the apps list, click Zoom for BlackBerry.
  5. Click Settings.
  6. Click BlackBerry Dynamics.
  7. Under App configuration, click the plus + to add a new deployment configuration.
  8. Under the Name field, enter the name of the configuration.
  9. Set your desired settings for the app deployment.
  10. Click Save.

Settings available within BlackBerry UEM

General

Under the General tab, administrators can set policies for Data Leakage Prevention, allowing certain features to be disabled in accordance with your organization's privacy and security policies.

The following settings are available:

SettingPolicyDefault
Deny user access to CameraDisables the ability for the Zoom client to access the device’s camera.Disabled
Deny user access to Photo GalleryDisables the ability to access and share photos from the device’s built photo gallery apps.Disabled
Disable “Send to Zoom Buddies” on Android and share to “Zoom” on iOSAndroid- Disables and hides the ability to share data or media from other apps with the Zoom client utilizing Android’s share intent functions.Disabled
iOS- Disables the ability to share data or media with the Zoom client from other apps using Apple’s share extension processes.Disabled
Disable certificate pinningDisables the client’s need to verify certificates against saved certificate copies.Disabled


Login

Under the Login tab, security settings for user login for the Zoom application can be modified, including enabling/disabling certain login options, as well as configuring SSO login domains.

The following settings are available:

SettingPolicyDefault
Enforce login with SSOForce login with SSO (Single Sign-On) only.Disabled
Disable SSO loginDisables login via SSO (Single Sign-On).Disabled
Disable email loginDisables login with email and password.Disabled
Disable Facebook loginDisables login with Facebook OAuth.Enabled
Disable Google loginDisables login with Google OAuth.Enabled
Disable Apple loginDisables login with Apple OAuth.Disabled
Use embedded web page while SSO login (iOS Only)If enabled, Zoom will use the embedded browser for SSO login instead of using the device’s default browser.Disabled
Enforce the company domain for SSO sign-inSets and lock the default SSO login domain URL for a client login (Single Sign-On).Disabled
SSO Login Company DomainSets the default SSO login domain for Zoom; Example: abc or abc.zoom.us.Disabled
Sign in to Zoom with the following specified domainsRestricts the email domains that the client can log in with (separated by "&"); Example: abc.com & zoom.us.Disabled

 

Chat

Under the Chat tab, message behavior can be set as the default settings, as well as enforced for all users.

The following settings are available:

SettingPolicyDefault
Move messages with new replies to the bottom of the chatAutomatically moves messages to the bottom of the chat when a new reply has been added. If disabled message threads will be shown in chronological order.Disabled
Make Sort Message setting mandatory for all users in your accountEnforces the behavior set under Move messages with new replies to the bottom of the chat.Disabled


Note: An option must be selected under Move messages.., for this to take effect.

Webview

Under the WebView tab, administrators can enable WebView filters for approved websites, as well as set blocked sites that will not be displayed using WebView.

Note: If WebView filter is enabled, but the approved list is empty, all URLs will be blocked, even if they are not explicitly listed on the block list. If a specific URL is not listed under the approved list, but the domain is, the URL will still load.

Along with the WebView setting, Android-specific policies can also be enabled as well:

SettingPolicyDefault
Enforce Same-origin policyAllows the embedded browser to permit scripts contained in web pages to access data in other web pages if they have the same origin.Disabled
Disable JavaScript and PluginDisables Javascript and Java plugins from running on web pages within the embedded browser.Enabled
Disable cacheDisables cached data within the embedded browser.Enabled
Disable local file accessDisables the ability for the embedded browser to access the device’s local file storage.Enabled
Upon logout, sessions and cookies will be deletedUpon log out of the client, session and cookies will be deleted for the embedded browser.Enabled

 

Meeting

Under the Meeting tab, default in-meeting and join meeting settings or behaviors can be set for the application. The following settings are available:

SettingPolicyDefault
Show dialog to confirm the joinEnables the join meeting dialog every time a user tries to join a meeting using a link opened from another app.Disabled
Require authentication to join (does not apply to webinars)Requires users to be signed into the client before joining a meeting.Disabled
Disable screen shareDisables and hides the Share Screen feature.Disabled
Disable BookmarksDisables and hides the bookmark sharing feature.Disabled
Disable whiteboard (only iPad in iOS, for all Android devices)Disables and hides the whiteboard sharing feature.Disabled
Disable rename participants in the meetingDisables and hides the host’s ability to rename participants.Disabled
Disable in meeting chatDisables and hides the in-meeting chat feature.Disabled
Disable cloud recordingDisables and hides the cloud recording feature.Disabled
Disable Virtual BackgroundDisables and hides the Virtual Background feature.Disabled
Disable Q&A in webinarsDisables and hides the Q&A feature in webinars. Disabled
Meeting reminder (iOS only)Enables or disables upcoming meeting reminders.Enabled
Make Meeting Reminder setting mandatory for all users in your accountEnables or disables and locks the meeting reminder setting within the client.Disabled
Sync Zoom Meetings to calendarEnables synced calendars, and checks for any Zoom meetings on your device’s calendars. Enabled
Sync Zoom meetings from calendar (iOS only) Enables the synced calendars setting on iOS devices only, and checks for any Zoom meetings on your device’s calendars. Enabled
Make syncing Zoom meetings from calendar mandatory for all users in your account (iOS only) Enables and locks the synced calendars setting on iOS devices only, and checks for any Zoom meetings on your device’s calendars. Disabled

 

Note: Sync Zoom Meetings to calendar and Sync Zoom meetings from the calendar (iOS only) are enabled by default.

BlackBerry Dynamics Features (iOS)

Under the BlackBerry Dynamics Features (iOS) tab, you can set the Bypass Unlock Policy, which determines if the following call user interface is to be displayed when an iOS device is locked. This includes the following menus:

Note: By default, this setting is enabled, however, it is dependent on the Blackberry Dynamic policy item "Require password after a period of inactivity" is enabled for the device.

BlackBerry Dynamics Features (Android)

Under the BlackBerry Dynamics Features (Android) tab, you can set the Bypass Unlock Policy, which determines if the following call user interface is to be displayed when an Android device is locked. This includes the following menus:

Note: By default, this setting is enabled, however, it is dependent on the Blackberry Dynamic policy item Require password after a period of inactivity is enabled for the device.

How to create custom policies

Creating custom policies

While settings for the Zoom for BlackBerry app can be configured utilizing the UEM interface, admins can also add custom policies to configure other settings for the Zoom Client for Android and iOS, that are not configurable within the other areas of the UEM deployment settings. 

The format for custom policies is as follows: 

{ 
"policies": [
{
"key": "[configuration key]",
"value": [key value]
}
],
"version": "[version]"
}

Notes:

For example, if an admin wanted to configure the client to disable receiving video and set the default SSO URL to myorganization.zoom.us, the policy would be: 

{ 
"policies": [
{
"key": "DisableReceiveVideo",
"value": 1
},
{
"key": "SetSSOURL",
"value": "myorganization"
}
],
"version": "1.0"
}

Custom policy setting priorities

If utilizing both the configuration settings within UEM as well as custom policies, the following is the priority of settings the client will use:

  1. Settings that are set as mandatory within the custom policy (utilizes mandatory: in the name of the key).
  2. Settings that are set as mandatory within the App configuration settings (i.e utilizing UEM GUI to enable or disable settings).
  3. Settings that are set as recommended within the custom policy (does not utilize mandatory: in the name of the key).
  4. Settings that are set as recommended within the App configuration settings (i.e utilizing UEM GUI to set the default settings).