With the Zoom for BlackBerry application, IT administrators for an organization can manage and deploy the security policy to manage iOS and Android devices.
This article covers:
Under the General tab, administrators can set policies for Data Leakage Prevention, allowing certain features to be disabled in accordance with your organization's privacy and security policies.
The following settings are available:
Setting | Policy | Default |
Deny user access to Camera | Disables the ability for the Zoom client to access the device’s camera. | Disabled |
Deny user access to Photo Gallery | Disables the ability to access and share photos from the device’s built photo gallery apps. | Disabled |
Disable “Send to Zoom Buddies” on Android and share to “Zoom” on iOS | Android- Disables and hides the ability to share data or media from other apps with the Zoom client utilizing Android’s share intent functions. | Disabled |
iOS- Disables the ability to share data or media with the Zoom client from other apps using Apple’s share extension processes. | Disabled | |
Disable certificate pinning | Disables the client’s need to verify certificates against saved certificate copies. | Disabled |
Under the Login tab, security settings for user login for the Zoom application can be modified, including enabling/disabling certain login options, as well as configuring SSO login domains.
The following settings are available:
Setting | Policy | Default |
Enforce login with SSO | Force login with SSO (Single Sign-On) only. | Disabled |
Disable SSO login | Disables login via SSO (Single Sign-On). | Disabled |
Disable email login | Disables login with email and password. | Disabled |
Disable Facebook login | Disables login with Facebook OAuth. | Enabled |
Disable Google login | Disables login with Google OAuth. | Enabled |
Disable Apple login | Disables login with Apple OAuth. | Disabled |
Use embedded web page while SSO login (iOS Only) | If enabled, Zoom will use the embedded browser for SSO login instead of using the device’s default browser. | Disabled |
Enforce the company domain for SSO sign-in | Sets and lock the default SSO login domain URL for a client login (Single Sign-On). | Disabled |
SSO Login Company Domain | Sets the default SSO login domain for Zoom; Example: abc or abc.zoom.us. | Disabled |
Sign in to Zoom with the following specified domains | Restricts the email domains that the client can log in with (separated by "&"); Example: abc.com & zoom.us. | Disabled |
Under the Chat tab, message behavior can be set as the default settings, as well as enforced for all users.
The following settings are available:
Setting | Policy | Default |
Move messages with new replies to the bottom of the chat | Automatically moves messages to the bottom of the chat when a new reply has been added. If disabled message threads will be shown in chronological order. | Disabled |
Make Sort Message setting mandatory for all users in your account | Enforces the behavior set under Move messages with new replies to the bottom of the chat. | Disabled |
Note: An option must be selected under Move messages.., for this to take effect.
Under the WebView tab, administrators can enable WebView filters for approved websites, as well as set blocked sites that will not be displayed using WebView.
Note: If WebView filter is enabled, but the approved list is empty, all URLs will be blocked, even if they are not explicitly listed on the block list. If a specific URL is not listed under the approved list, but the domain is, the URL will still load.
Along with the WebView setting, Android-specific policies can also be enabled as well:
Setting | Policy | Default |
Enforce Same-origin policy | Allows the embedded browser to permit scripts contained in web pages to access data in other web pages if they have the same origin. | Disabled |
Disable JavaScript and Plugin | Disables Javascript and Java plugins from running on web pages within the embedded browser. | Enabled |
Disable cache | Disables cached data within the embedded browser. | Enabled |
Disable local file access | Disables the ability for the embedded browser to access the device’s local file storage. | Enabled |
Upon logout, sessions and cookies will be deleted | Upon log out of the client, session and cookies will be deleted for the embedded browser. | Enabled |
Under the Meeting tab, default in-meeting and join meeting settings or behaviors can be set for the application. The following settings are available:
Setting | Policy | Default |
Show dialog to confirm the join | Enables the join meeting dialog every time a user tries to join a meeting using a link opened from another app. | Disabled |
Require authentication to join (does not apply to webinars) | Requires users to be signed into the client before joining a meeting. | Disabled |
Disable screen share | Disables and hides the Share Screen feature. | Disabled |
Disable Bookmarks | Disables and hides the bookmark sharing feature. | Disabled |
Disable whiteboard (only iPad in iOS, for all Android devices) | Disables and hides the whiteboard sharing feature. | Disabled |
Disable rename participants in the meeting | Disables and hides the host’s ability to rename participants. | Disabled |
Disable in meeting chat | Disables and hides the in-meeting chat feature. | Disabled |
Disable cloud recording | Disables and hides the cloud recording feature. | Disabled |
Disable Virtual Background | Disables and hides the Virtual Background feature. | Disabled |
Disable Q&A in webinars | Disables and hides the Q&A feature in webinars. | Disabled |
Meeting reminder (iOS only) | Enables or disables upcoming meeting reminders. | Enabled |
Make Meeting Reminder setting mandatory for all users in your account | Enables or disables and locks the meeting reminder setting within the client. | Disabled |
Sync Zoom Meetings to calendar | Enables synced calendars, and checks for any Zoom meetings on your device’s calendars. | Enabled |
Sync Zoom meetings from calendar (iOS only) | Enables the synced calendars setting on iOS devices only, and checks for any Zoom meetings on your device’s calendars. | Enabled |
Make syncing Zoom meetings from calendar mandatory for all users in your account (iOS only) | Enables and locks the synced calendars setting on iOS devices only, and checks for any Zoom meetings on your device’s calendars. | Disabled |
Note: Sync Zoom Meetings to calendar and Sync Zoom meetings from the calendar (iOS only) are enabled by default.
Under the BlackBerry Dynamics Features (iOS) tab, you can set the Bypass Unlock Policy, which determines if the following call user interface is to be displayed when an iOS device is locked. This includes the following menus:
Note: By default, this setting is enabled, however, it is dependent on the Blackberry Dynamic policy item "Require password after a period of inactivity" is enabled for the device.
Under the BlackBerry Dynamics Features (Android) tab, you can set the Bypass Unlock Policy, which determines if the following call user interface is to be displayed when an Android device is locked. This includes the following menus:
Note: By default, this setting is enabled, however, it is dependent on the Blackberry Dynamic policy item Require password after a period of inactivity is enabled for the device.
While settings for the Zoom for BlackBerry app can be configured utilizing the UEM interface, admins can also add custom policies to configure other settings for the Zoom Client for Android and iOS, that are not configurable within the other areas of the UEM deployment settings.
The format for custom policies is as follows:
{
"policies": [
{
"key": "[configuration key]",
"value": [key value]
}
],
"version": "[version]"
}
Notes:
For example, if an admin wanted to configure the client to disable receiving video and set the default SSO URL to myorganization.zoom.us, the policy would be:
{
"policies": [
{
"key": "DisableReceiveVideo",
"value": 1
},
{
"key": "SetSSOURL",
"value": "myorganization"
}
],
"version": "1.0"
}
If utilizing both the configuration settings within UEM as well as custom policies, the following is the priority of settings the client will use: