Preparing your organization's content for ZoomMate indexing

Before enabling ZoomMate to connect to shared repositories, such as Google Drive, OneDrive, or Zoom Canvas, administrators should review how content in the repositories is shared across their organization. AI Companion can reference content that users already have permission to access; so, repositories that are broadly shared, such as documents available to the entire organization or domain, may be included in AI-generated responses once indexing is enabled.

Administrators can also control access to data sources through account settings on the Zoom web portal, including the ability to enable or block personal data sources and restrict organizational data sources to specific user groups.

Reviewing repository sharing settings helps organizations understand which content may become available through ZoomMate. For example, files shared with domain-wide permissions, such as Anyone in the organization, may be surfaced by ZoomMate if they are indexed and the requesting user has access.

Preparing your organization’s content and permissions before enabling indexing helps ZoomMate surface accurate, appropriate, and intended information. Reviewing and managing repository permissions can also help reduce the risk of unintended exposure of draft, confidential, or personal content while maintaining existing access controls from the source system.

Learn more about third-party data sources in AI Studio, ZoomMate sources on the web, and the ZoomMate bluepaper.

How ZoomMate uses organizational content

Understand ZoomMate data sources

ZoomMate can reference external content from connected data sources to generate responses and assist users with organizational knowledge. These data sources can be configured either by individual users or by administrators, depending on the scope of the content being accessed.

• Personal data sources allow users to connect their own accounts, such as Google Drive, Gmail, OneDrive, or Outlook, so ZoomMate can reference files they personally own or have access to. Users authenticate these connections themselves using the provider’s API. Personal data sources require a ZoomMate license and are limited to the user’s own accessible content, which powers features such as the file picker when selecting documents for ZoomMate interactions.
• Organizational data sources are configured by administrators using a service-level account. When enabled, ZoomMate can index shared repositories, such as Google Drive, OneDrive, or Zoom Canvas, and retrieve relevant information from those repositories using retrieval-augmented generation (RAG).

Understand how ZoomMate respects permissions

When organizational data sources are enabled, Zoom indexes the data and:

• ZoomMate respects existing repository permissions.
• It does not override or expand access controls.
• Users can only receive responses based on content they are already authorized to view.
• If a document is shared with your entire organization, ZoomMate may reference it when responding to users who have access.

If content is broadly shared, it may be eligible for inclusion in AI-generated responses. Due to this, Zoom recommends that before enabling, organizations review content domains and potentially restrict the scope of content that is indexed by ZoomMate.

How to prepare your organization’s content for ZoomMate indexing

Before enabling organizational data sources and allowing Zoom to index your data, complete the following steps to verify that your organization's content is ready.

1. Review organization-wide sharing settings

Review your organization's content and sharing settings to ensure that only appropriate information is available to ZoomMate.

• Review organization-wide sharing settings: Identify documents that are shared with your entire domain or organization. Consider whether files with broad permissions, such as Everyone in the organization should be accessible to all users who have permission to view them.
• Limit document access where appropriate: Share documents only with the specific users or groups that require access. Avoid granting organization-wide permissions unless the content is intended to be broadly available.
• Review default sharing settings: Check your repository’s default sharing configuration to confirm that new files are shared with restricted access by default whenever possible.
• Understand link-sharing permissions: Review link-sharing settings, such as links that allow access to Anyone in the organization. These links may make documents broadly accessible and therefore eligible to appear in ZoomMate responses.
• Verify shared content: For files shared with your domain, confirm that:
  • Content is finalized and approved
  • Sensitive information is not unintentionally shared
  • Draft or personal materials are restricted appropriately

Google Drive

1. Access Google Drive.
2. In the search bar, enter: owner:me source:domain.
3. Update permissions as needed.

OneDrive

1. Access OneDrive.
2. Use the search bar to find files shared broadly: sharedwith:Everyone or sharedwith:"Everyone except external users".
3. Review and adjust permissions where necessary.

Zoom Canvas

1. Access Zoom Canvas.
2. Check if the Zoom Doc is shared with Anyone in the organization [Your Organization]. If it is, proceed with the following actions:
   • Confirm it is ready for broad visibility
   • Confirm it does not contain confidential or draft material
   • Update sharing settings if access should be limited

2. Audit sensitive or restricted content

Check for documents that may require limited access, such as:

• Financial projections
• HR or personnel information
• Privileged legal documents
• Security procedures
• Early product plans
• Internal brainstorming documents

If these files are shared organization-wide, consider restricting access.

3. Improve content hygiene

AI surfaces existing content. Preparing your repository can improve response quality and reduce confusion.

Consider:

• Remove or restrict access to outdated documents that should no longer be referenced.
• Remove duplicate drafts or redundant files that may create conflicting information.
• Use consistent naming conventions so documents are easier to identify and retrieve.
• Clearly label document status, such as Draft or Final, to help distinguish working documents from published content.
• Remove personal notes or informal materials from shared folders that are broadly accessible.

Performing this review helps ensure that ZoomMate responses reflect accurate, current, and intended information from your organization’s repositories.

Important considerations for ZoomMate data sources

When enabling organizational data sources for your organization's ZoomMate:

• Confirm your organization understands that broadly shared content may be referenced.
• Confirm that sensitive documents are not shared domain-wide unless intended.
• Communicate internally about reviewing sharing settings.

Notes:

• ZoomMate does not create new access to content. It operates within the permissions your organization has already configured.
• If a document is visible to your entire organization, it may be referenced in responses to users who also have access.

Recommended internal communication template

Consider notifying employees before enabling organizational data sources: We are enabling ZoomMate to help surface organizational knowledge more efficiently. Please review documents shared with the entire organization to confirm that only intended content is broadly accessible.

Clear communication helps prevent misunderstandings and supports a smooth rollout.