While Team Chat messages in-transit between users and the Zoom cloud are encrypted by default, advanced chat encryption facilitates more secure Zoom Team Chat messaging between Zoom users. By default, Team Chat messages are transmitted between the user's device and the Zoom cloud using TLS 1.2 with Advanced Encryption Standard (AES) 256-bit algorithm with server-side generated keys. With advanced chat encryption enabled, keys are generated by the user’s device and shared only with the other chat participants' devices.
While advanced chat encryption is an extra layer of privacy for your chats, some Team Chat functionality is limited by enabling this setting. Organizations and individual Zoom users should determine whether that functionality is needed before enabling advanced chat encryption. Zoom’s default chat encryption may provide organizations with the level of security to support multiple regulatory compliance frameworks, so advanced chat encryption may not be necessary (and/or recommended) for all customers. This should be used for specific high-security and sensitive-information environments that do not require the full functionality of Team Chat.
With advanced chat encryption enabled, it is possible for messages to be sent and then unrecoverable, due to the encryption keys being deleted upon uninstallation. Since the encryption key is only stored on the devices of recipients, Zoom is also unable to assist with recovery, so it is important for account admins to consider this possibility before enabling.
This article covers:
By default, Zoom uses TLS to encrypt in-transit Team Chat messages between users and the Zoom Cloud. Zoom also encrypts at-rest Team Chat messages stored within the Zoom Cloud. Advanced chat encryption uses a device generated and stored key to encrypt messages between all users in a chat, and then additionally encrypts these messages in-transit between users and the Zoom Cloud using TLS.
When advanced chat encryption is enabled:
When advanced chat encryption is disabled:
With advanced chat encryption enabled for your account, users and admins are unable to use certain Team Chat features, including, but not limited to, the following:
Note: Admins can still see:
Metadata such as chat participants, file name, size, and the date/time of the message sent
*Note: Inter-account encryption functionality can be contingent upon all chat participants having advanced chat encryption enabled by their account admin. Account admins are unable to see a chat user's message text in chat history where all chat users have advanced chat encryption enabled. When a user does not have this setting enabled, account admins for their account or others may be able to see their message text in chat history, including accounts where the setting is enabled. However, channels or group chats initiated by a user with advanced chat encryption enabled will extend advanced chat encryption to an external user's messages regardless of their settings. Learn more about the effect of Zoom Team Chat settings on inter-account communications.
Note: When advanced chat encryption is enabled, admins can restrict certain file types from being shared. If a user attempts to share a restricted file type, the system will recognize and block or allow the file based on the configured permissions.
To enable the advanced chat encryption for all members of your organization:
After enabling advanced chat encryption, chats in the Zoom desktop app and mobile app tab will display a padlock icon to indicate that advanced chat encryption is enabled.
Users will not see the encrypted chat until they open Zoom. Notifications, including those on the lock screen, will state that they have received an encrypted chat message.
Note: When advanced chat encryption is enabled, admins can restrict certain file types from being shared. If a user attempts to share a restricted file type, the system will recognize and block or allow the file based on the configured permissions.
When using advanced chat encryption, there may be situations where a sent message cannot be decrypted and viewed. This is often due to both users not being online at the same time and thus unable to share the key used to decrypt the message.
To resolve such an issue, ensure both users are online, so that the encryption key can be automatically shared between them and the message decrypted.
It is also possible for the encryption key to be lost, resulting in any advanced chat encrypted messages becoming unrecoverable. For instance, if a message is sent but then the recipient uninstalls the Zoom app before the message is decrypted and viewed, then the encryption key that was used to encrypt the message is lost and cannot be recovered. However, chat messages are only lost if all parties with access to the message lose their encryption keys. As long as a party is still online with access to the messages, the other parties can regain their access.