Managing restricted voicemails for Zoom Phone
Zoom Phone users can use Restricted voicemails to secure the voicemails. Device Managed Encryption allows voicemail to be encrypted with keys that are not accessible to Zoom servers. Restricted voicemail can be decrypted only by the intended user recipient. This allows users to have additional security controls over their voicemails to maintain confidentiality. This functionality must be enabled by administrators before it's available to users.
Device Managed Encryption is currently available for two features:
- Zoom Mail
- Restricted voicemails for Zoom Phone
Note: This setting is only available with Zoom app version 5.12.0 or later.
This article covers:
Prerequisites for managing restricted voicemail for Zoom Phone
- Business or Enterprise account
- Account owners and admins with appropriate Escrow permissions
- Zoom Phone plan
- Power Pack license
Note: This policy requires a Power Pack license to be enabled. If the user who inherits this policy does not have a Power Pack license, the policy will not be applied. - Zoom desktop app
- Windows: 5.12.0 or higher
- macOS: 5.12.0 or higher
- Linux: 5.12.0 or higher
Limitations of Device Managed Encryption
Device Managed Encryption for restricted voicemails has the following limitations:
- Shared Line Appearance, Shared Line Group, Call Queue, or Auto Receptionist voicemail are not supported. These functionalities will not be encrypted but can still be played.
- Email-to-voicemail, transcriptions, and checking voicemails by dialing into the voicemail system or web are disabled when this feature is enabled.
Differences between Device Managed Encryption for restricted voicemails and regular voicemails
Device Managed Encryption for restricted voicemails has notable differences between regular voicemails as noted below.
- Restricted voicemails cannot be retrieved or checked by dialing in from a phone.
- Restricted voicemail-to-email functionality will not be available.
- Restricted voicemails cannot be forwarded to or shared with other users.
- Restricted voicemail transcriptions are not available.
Restricted voicemails are tied to a user’s device. Allowing device access to existing voicemails requires authorizing voicemails from a device that can access (e.g., voicemails that can be replayed) those voicemails.
How to enable or disable restricted voicemails for Zoom Phone
Once Device Managed Encryption is enabled, voicemail messages are received and recorded by Zoom servers, which encrypt them with keys only known to their intended recipients’ devices. When Device Managed Encryption is enabled, authorized admins can access and decrypt the account user’s data and help with provisioning new devices. Users under the escrow are notified that their data is under escrow.
Account
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Account Management then Account Settings.
- Click the Zoom Phone tab.
- Under General, click the Restricted voicemails toggle to enable or disable it.
- If a verification dialog displays, click Enable or Disable to verify the change.
- (Optional) Click the lock icon to prevent users in your account from disabling or enabling this feature.
- (Optional) Select the Disable incoming voicemails if devices have not been enrolled with client side encryption checkbox to prevent users who have not upgraded to encryption from receiving new voicemails, then click Save.
When enabled, Escrow and Allow users to create backup keys will be enabled by default, reflecting the security setup for Escrow. Escrow can only be configured from the security page.
Note: When escrow is enabled, it is enabled for both email and voicemail. You cannot enable escrow for one feature without the other.
Site
After setting up escrow, you can allow emails and voicemail messages for a specific site(s) to be encrypted using Device Managed Encryption.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Phone System Management, then Company Info.
- Click the name of the site.
- Click the Policy tab.
- Under General, click the Restricted voicemails toggle to enable or disable it.
- If a verification dialog displays, click Enable or Disable to verify the change.
- (Optional) To prevent all users in your account from changing this setting, click the lock icon , and then click Lock to confirm the setting.
- (Optional) Select the Disable incoming voicemails if devices have not been enrolled with client side encryption checkbox to prevent users who have not upgraded to encryption from receiving new voicemails, then click Save.
Phone user
After setting up escrow, you can allow emails and voicemail messages for a specific phone user(s) to be encrypted with Device Managed Encryption.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Phone System Management then Users & Rooms.
- Click the Users tab.
- Click the name of the user.
- Click the Policy tab.
- Under General, click the Restricted voicemails toggle to enable or disable it.
- If a verification dialog displays, click Enable or Disable to verify the change.
- (Optional) Select the Disable incoming voicemails if devices have not been enrolled with client side encryption checkbox to prevent users who have not upgraded to encryption from receiving new voicemails, then click Save.
Note: Disabling Device Managed Encryption for voicemails will still require voicemails that were encrypted with the device keys to continue to be encrypted with device keys and requires the devices to access those voicemails.
How to download escrow-encrypted voicemails
To download an escrow-encrypted voicemail, the escrow admin must sign in to a device that has been configured with escrow.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Phone System Management, then Logs.
- Click the Voicemail & Videomail tab.
- Identify your escrow encrypted voicemail.
- To the right of your escrow-encrypted voicemail, do the following actions:
- Click the play icon to listen to the recording.
- Click Download to download the recording.
The Zoom desktop app will open and you’ll be asked to confirm the download.