How to Use Information Barriers in Zoom App

The Information Barriers are intended to assist customers with controlling the policy of communication between users and meeting regulatory requirements at scale. Users with sensitive information may use them to block communications with other users who are not expected to see it.

Information Barriers Require These Prerequisites

  • Activating Information Barriers can be done via Support
  • Zoom For desktop client:
    • Windows: 4.6.8 (19178.0323) or higher
    • macOS: 4.6.8 (19178.0323) or higher
  • Zoom For desktop client (for recording group sessions such as Information Barriers and Breakout Rooms):
    • Windows: 5.6.0 or higher
    • macOS: 5.6.0 or higher

Notes:

  • Information Barriers will be disabled and locked at the account level once Information Barriers or Substitutes has been activated for your account. It is possible to re-enable this setting from the account admin, but this will disrupt the Information Barriers section of the account.
  • Information Barriers and Breakout Rooms can be archived on any client version higher than 5.6.0 while using Information Barriers.
  • AA for Information Barriers requires that Breakout Rooms are enabled for 100 Groups in order for the breakout rooms to work as expected. Please contact Zoom Support to sign up for this feature.

Barriers to Information Access Requirements

  • To enable the Information Barrier, Zoom group members need to be part of the group management in the Zoom platform.
  • For meetings:
    • Zoom is a web-based meeting platform that allows users to hold private and public meetings.
    • If you share local recording files with users from groups with blocks, the sharing will not be inspected. We cannot prevent, for example, a situation where a user X cannot meet person Y in person, but they are able to chat on the phone, and the user X decides to send them both a recording file, our system will not be able to prevent this from happening.
  • For chat: Zoom will not block them If a user is invited by email, . The email will be sent to them if the domain is the same as the email address.
  • For meetings and chat: Such scenarios as the following will result in the check policy timeout failing:
    • There is a problem with the policy server.
    • This will cause the check policy check to fail.
    • There are issues with the network.
    • There is a problem with the network.
    • Additionally, there are issues on the client’s end as well.
      • For example, in this case:
        • For each meeting and chat conversation in Zoom, a copy of the most recent policy will be attempted to be retrieved.
          • If the policy server is unreachable at the moment, Zoom will use this policy.
          • When a new policy is synced with the policy server once again, Zoom will use the new value, if the policy server can be reached again.
        • In the event that Zoom cannot find a copy of the policy from the last sync, Zoom will configure itself to prevent all users within the organization’s domain from attending a meeting hosted by someone else and participating in chat conversations hosted by others.

Types of blocks between groups

  • Hard Block describes a communication or meeting where there are many people who are part of a number of different groups. It is important to note that, even if the users are placed into separate break out rooms, Zoom will not let them interact if there is a block between them (as defined by your organization’s Information Barrier policy).
  • A soft block consists of users from multiple groups who are attending the meeting at the same time. It is true that all the participants can collaborate in meetings, but some users are not able to utilize certain features of meetings when another user participates in them. This will happen if there are different users in the same meeting or meeting room, then some features within the meeting will be blocked. There are currently soft blocks available for the following features:
    • Discussions in meetings
    • and file transfers in meetings.
    • Sharing of screens in meetings.
    • Recordings in the cloud or locally.

Information Barriers and their Scope

Policy Sync

Account admins are able to create policies for Information Barriers over Zoom’s Web API or through Zoom’s web settings which allows them to manage policies online.

  • Zoom Web UI
    • Admins of Zoom accounts can manually assign policies and groups to Information Barrier within the Zoom web portal.
      1. You will need to login to the Zoom Web Portal as an administrator who has access to manage all the account settings for your account.
      2. You can do this by clicking Advanced in the menu at the top of the page.
      3. You will then see a list of possible barriers to accessing information.
    • Admins are able to set up groups manually by visiting the web settings section of the account.
    • Admins can configure the policies relevant to each group of users through the web settings.
  • Zoom API
    • In their third-party system, organizations can send policies related to Information Barriers to Zoom.
    • On Zoom’s web portal, you will be able to see the last known synchronization of policies.
    • Zoom recommends that you sync your policies at least every 24 hours to keep your policies up to date.

Zoom Meeting

  • Users who enter Zoom meetings will be subject to the policies in place at the time when they enter them.
  • Per hard block, we will respect the policies preventing group-level communications.
  • Meeting policies will be respected according to the functionalities of each soft block.
  • When there are multiple groups of participants in a meeting, the most restrictive policy will be applied to the meeting and applied to all members of the meeting regardless of their collective membership.
  • Cloud/Local Recording policies:
    • Cloud Recording:
    • During a meeting, participants may belong to more than one group. Although all users are able to attend the meeting, some users are unable to start the cloud recording when another user is also part of the meeting. This can be resolved by blocking cloud recording for the users in the meeting.
    • Local Recording:
    • It is likely that there will be more than one group represented at a meeting. The computer system allows all users to meet with each other, however some users are unable to initiate local recording when another user is present in the meeting. Block local recording for these users if they are also present during the meeting.

Zoom Chat

  • Information barriers prevent users from searching the Internet and chatting with one another.
  • When Information Barriers are applied with other members of your group, group chats or channels are removed for those whose account has Information Barriers.

The process of creating a policy that applies to two groups

By using the Zoom web portal, users can create policies between multiple existing user groups in the following manner:

  1. If you are an administrator with the permission to edit account settings, then you need to sign in to the Zoom web portal.
  2. To do this, click Advanced in the menu bar at the top of the page.
  3. From here, choose the Information Barriers option.

Notes:

  • This policy will apply to all users in a user’s account, regardless of whether they are a member of more than one group.
  • You can create policies for groups only if you already have one.

Information barriers and their limitations

  • The Information Barriers will not be applied to external meetings.
  • If a meeting is being recorded, the links for Cloud Recording will still be generated.
  • It will not be possible to stream custom content using RTMP. There will be no Information Barriers applied to anybody viewing the streamed meeting if the host decides to stream it.
  • We do not support Join Before The Host. When Information Barriers are enabled as an option, all settings related to Join Before The Host will be disabled. The advantage of this is that it prevents the host from being blocked from entering their meeting if another user joins before the host, which would lead to the host being unable to attend.
  • As a result, the Zoom webinar functionality and Zoom phone functionality are not currently available, and only Zoom meetings and chat will be supported at this point.
  • Only authenticated users can join meetings will automatically be enabled when Information Barriers is enabled, as will Only authenticated users can join meetings. It is possible for admins to create authentication exceptions for users to be able to bypass authentication in order to join meetings without going through authentication if authentication profiles are enabled.

Features of Information Barriers

The primary group policies related to information barriers

If a user is a member of multiple groups, then the policies pertaining to Information Barriers of each of those groups will be applied depending on the primary group the user is a part of. An Information Barriers portal pop-up window is displayed to show that only primary groups will be affected as a result of this change.

By using the API and SAML, a group can be created and account holders can be added or removed. A manual group manipulation option is also available. Group manipulation can’t be performed when Information Barriers are enabled. Zoom’s web portal allows you to adjust group settings.

Notes:

  • In order for this feature to work, it is necessary to implement primary groups.
  • For a user’s primary group to be identified and mapped, it is necessary to use both SAML and API methods.

What you need to do to view information about Primary Groups

Please click on the following link to view information about the Primary Group:

  1. You will be asked to sign in as an admin with the ability to edit account settings in the Zoom web portal.
  2. Click on User Management and then click on Group Management to open the Zoom web portal.
  3. You will be able to see a list of all the groups that you need to join.
  4. Simply click the Profile tab.
  5. You will see a link that will tell you how many members are on your profile.
    Whether this particular group is the primary group for a particular user is displayed in the Primary Group column.

How to enable a user’s ability to manually manipulate a group

You have the ability to enable group manipulation for your account if you are an owner or admin in order to change user groups manually without having to use an API or SAML. Your account will be replaced by the manual configuration if it has been enabled to sync groups using API.

Note : 

Please note that this setting is only available at the account level.

If you would like to enable and manually edit Information Barriers policies in your group, you can do the following:

  1. As an administrator, you are granted the right to edit the account settings within the Zoom web portal.
  2. You can gain access to this by clicking Account Management as found in the navigation menu.
  3. Next, click the Meetings tab.
  4. By enabling the Allow account admins to edit groups with information barriers option under Admin Options, you’ll be able to edit groups with information barriers.
  5. Once a verification dialog box appears, click Enable if the option is to be enabled.

Breakout Rooms: How to apply Information Barriers policies to them

In order to use Breakout Rooms with the Information Barrier feature enabled, it is necessary to enable this feature, which will allow you to use breakout sessions whilst protecting sensitive information from being divulged. Additionally, Information Barriers from the user’s primary group will also be applied to accounts that have the New Admin Experience enabled.