Encryption for Zoom Phone

Zoom Phone supports secure voice calls for connections between the Zoom Cloud and the Zoom desktop client, mobile app, web browser/client, and supported SIP devices. During call setup, Zoom Phone uses SIP over TLS 1.2 with Advanced Encryption Standard (AES) 256-bit algorithm for these connections. The Zoom desktop client, mobile app, and web browser/client connections encrypt call media to the Zoom Cloud using SRTP with AES 256-bit encryption algorithm. SIP devices configured with SRTP use AES-128 or AES-256 bit algorithm to encrypt call media for connections to the Zoom Cloud, otherwise, unencrypted RTP is used as a fallback.

Table of Contents

Zoom Phone desktop app and mobile app

Zoom Phone supports SIP signaling between the Zoom app and/to server over TLS1.2 with AES-256 bit encryption. Media call is transported and protected by SRTP with AES-256 encryption.

Zoom Phone devices

Zoom Phone supports standards-based encryption using SIP over TLS 1.2 Advanced Encryption Standard (AES) 256-bit algorithm for calls and during phone provisioning sessions. In addition, call media is transported and protected by SRTP with AES-128 algorithm for all devices. Zoom Phone admins can upgrade to AES-256 bit encryption for supported devices.

Learn more about certified devices.

Manage Zoom Phone encryption at the account level

Upgrade to AES-256 bit encryption

Note: Account-level AES-256 encryption is only available if an admin has one site. Otherwise, the admin must enable the AES-256 Encryption for Devices feature for each site individually under the Security section in the site's Settings tab.

  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Phone System Management then Company Info.
  3. Click Account Settings.
  4. Click the Settings tab.
  5. In the Security section, under AES-256 Encryption for Devices, click Add.
  6. Select a brand and model, then click Save.
  7. Repeat steps 5 and 6 to add more devices.

Downgrade to AES-128 bit encryption

If you previously upgraded to AES-256 bit encryption, you can downgrade to AES-128 bit.

  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Phone System Management then Company Info.
  3. Click Account Settings.
  4. Click the Settings tab.
  5. In the Security section, under AES-256 Encryption for Devices, click the ✖ icon to remove a model and downgrade it to AES-128 bit encryption.
    A confirmation window will appear.
  6. In the window, click Remove.

Manage Zoom Phone encryption at the site level

Upgrade to AES-256 bit encryption

Admins can upgrade specific models in a site to use AES-256 bit encryption.

  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Phone System Management then Company Info.
  3. If you have multiple sites, click the name of the site you want to edit.
  4. Click the Settings tab.
  5. In the Security section, under AES-256 Encryption for Devices, click Add.
  6. Select a brand and model, then click Save.
  7. Repeat steps 5 and 6 to add more devices.

Downgrade to AES-128 bit encryption

If you previously upgraded to AES-256 bit encryption, you can downgrade to AES-128 bit.

  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Phone System Management then Company Info.
  3. If you have multiple sites, click the name of the site you want to edit.
  4. Click the Settings tab.
  5. In the Security section, under AES-256 Encryption for Devices, click the ✖ icon to remove a model and downgrade it to AES-128 bit encryption.
    A confirmation window will appear.
  6. In the window, click Remove.
note icon
By default, AES-128 bit encryption is enabled for call media transmitted by supported SIP devices. Admins can upgrade devices to AES-256 bit encryption using the web portal. Fax lines may not support full encryption.