Mass-deploying with preconfigured settings for iOS in Zoom App

This post was most recently updated on July 29th, 2022

Zoom mobile app on managed iOS devices can be managed remotely by system administrators using the mobile device management (MDM) software. Administrators can then enforce the usage of certain settings or disable them completely, based on their requirements.

By enrolling and managing the mobile app through Zoom Device Management, you are able to centrally control settings for both the desktop client and mobile app in the Zoom web portal.

This video guides you through the process of installing Zoom on Windows devices, MacOS devices, as well as Android devices. If you need to centrally configure desktop client and mobile app settings, you can also utilize Zoom’s own Device Management platform.

Configuring Zoom on iOS using MDM has a few prerequisites

  • An iOS device running iOS 4 or later
  • A mobility management tool like AirWatch or Microsoft Intune, which is a form of enterprise mobility management

Configuration options

Configuration key Description Value type

Install and update

SetEnrollToken4CloudMDM This will enroll your mobile device in Zoom Device Management using a token that is provided by the Zoom Device Management web portal. String

Network

DisableCertPin Disable Certificate Pinning. Boolean
BandwidthLimitUp specifies the maximum bandwidth that can be sent to the desktop client.
Note: If your Web settings specify a limit on bandwidth, that limit will take precedence over any client-based limitations.
String
BandwidthLimitDown allows the user to set the maximum amount of bandwidth that the desktop client can receive.
Note: If in your web preferences there is a web setting for bandwidth restrictions, that web setting overrides the restrictions on your client.
String
EnableIndependentDataPort If the client is configured to use independent data ports for media communication, it will do so over the following ports:
Audio: 8803
Screen share: 8802
Video: 8801
Boolean

Authentication

DisableFacebookLogin Remove Facebook login option. Boolean
DisableGoogleLogin Remove Google login option. Boolean
EnableAppleLogin Allow access to Apple login option. Boolean
DisableLoginWithSSO Remove SSO login option. Boolean
DisableLoginWithEmail Remove Email login option. Boolean
ForceLoginWithSSO Defaults login to SSO. Boolean
SetSSOURL Sets the default SSO URL to be used for SSO login.
For example, hooli.zoom.us would be set as “ForceSSOUrl=hooli”.
String
ForceSSOURL locks the default SSO URL for SSO logins and sets it as the default SSO URL.
For example, hooli.zoom.us would be set as “ForceSSOUrl=hooli”.
String
EnableEmbedBrowserForSSO This instructs the client to use the embedded browser to make SSO work. Boolean
DisableAutoLaunchSSO prevents Zoom from automatically launching the previously used SSO URL automatically. This is useful for users who have multiple accounts, each with its own SSO URL, and would like to share information between them. Boolean
mandatory:EnablePhoneLogin Enables login with phone authentication. (A) Boolean
mandatory:EnableAliPayLogin Enables login with Alipay authentication. (A) Boolean
mandatory:EnableWeChatLogin Enables login with WeChat authentication. (A) Boolean
EnforceLoginWithMicrosoft Require login with Microsoft authentication.
SetAccountIDsRestrictedToJoin This method allows the client to join a meeting only when it is hosted by a specific account ID. (B) String
SetEmailDomainsRestrictedToLogin allows you to specify the domain names of the email addresses that the users can use to log in, each separated by “&”.
Example: zoom.us & hooli.com
String
EnableCloudSwitch – Allows the user to switch between Zoom commercial (default) and Zoom for Government. Boolean
EnforceSignInToJoin – we should require users to authenticate before they can join meetings via the desktop client.  For those who join through the join URL, authentication can take place through the web portal. Boolean
EnforceAppSignInToJoin When joining meetings on the desktop client, it will ask for authentication before it allows the user to join. Boolean
EnforceSignInToJoinForWebinar This option requires users to authenticate themselves before joining a webinar through the desktop client.  Authentication can be done through the web portal, if you choose to join through the join URL. Boolean
EnforceAppSignInToJoinForWebinar – Requires the client to be logged into a Zoom account before joining any webinar on the desktop client.require authentication on the desktop client to join any webinar on the desktop client.any webinar. Boolean
SetDevicePolicyToken Sets whether internal meetings need to be authenticated. (C) String

General meeting and client options

AlwaysShowMeetingControls Set use of Always show meeting controls setting. Boolean
DisableClosedCaptioning Disable the use of all closed captioning. Boolean
DisableQnA Disable the use of Q&A in webinars. Boolean
DisableMeetingReactions Disable the use of Meeting reactions. Boolean
DisableNonVerbalFeedback Disable the use of Non-verbal feedback. Boolean
DisableWebinarReactions Disable the use of Webinar Reactions. Boolean
DisableBroadcastBOMessage The host should be able to disable the broadcasting of a message to all breakout rooms while he or she is hosting the meeting. Boolean
MeetingReminder Allows users to view reminders when meetings are upcoming. Boolean

Video

DisableReceiveVideo Disable receiving video. Boolean
DisableVideoCamera Disable sending video. Boolean
TurnOffVideoCameraOnJoin as soon as you join a meeting, it turns off the camera automatically. Boolean
EnableFaceBeauty Enable Touch up my appearance. Boolean

Audio

DisableComputerAudio – Disable and remove the Computer Audio option from the audio settings for the meeting. Boolean
AutoJoinVOIP automatically synchronizes the computer audio with the audio of the meeting participants when the participants join. Boolean

Screen sharing

DisableShareScreen From now on, you will not be able to share your screen with others during meetings or webinars. Boolean
EnableBlurSnapshot When switching between apps during screen sharing, the other apps’ view will be blurred out. Boolean
DisableWhiteBoard Disable Whiteboard feature. Boolean
DisableDesktopShare disables the capability of sharing your desktop while sharing a screen. Boolean

In-meeting Chat

DisableMeetingChat Disable in-meeting chat. Boolean

Background and Filters

DisableVirtualBkgnd Disable Virtual Background feature. Boolean
DisableVideoFilters Disable Video filters feature. Boolean
EnableAutoReverseVirtualBkgnd Indicates that the virtual background needs to be reversed automatically post-meeting. Boolean

Recording

DisableCloudRecording Disable recording to the cloud. Boolean

Zoom Room and Room System calling

DisableDirectShare Notifies Zoom Rooms that direct sharing is disabled. Boolean
NeedCallARoom This allows you to display the Call Room System button as an icon on the desktop client’s desktop. Boolean

Zoom Chat

DisableLinkPreviewInChat Disable link previews. Boolean
SetMessengerDoNotDropThread When messages with new replies are received, they are move to the bottom of the thread. Boolean
PlaySoundForIMMessage allows users to receive audio notifications when a new message is received via IM. Boolean
MuteIMNotificationWhenInMeeting Mute notifications sent by the chat system during meetings. Boolean

Miscellaneous

EmbedDeviceTag The EmbedDeviceTag service embeds a specified device tag string in all HTTP requests of the Zoom client application. These device tag strings are usually added to the head of the regular HTTP requests. String

Notes:

  • As of this writing, these options are available for devices that are based in the China region only.
  • To obtain your Account ID, please have an owner or administrator of your account contact Support.
  • -(C) We would like to recommend that the account owner or admin contact Support so this can be enabled for use. To be able to view and edit Device Policy Management, the owner will also need to edit the role associated with him/her. By accessing Device Policy Management, the owner will be able to retrieve the required token.
  • In order to make a configuration option mandatory for all users, you must use the prefix “mandatory:” followed by the key name. Zoom on iOS will not allow users to change their options while using the app.

Sample XML for Intune

<dict>
 <key>ForceLoginWithSSO</key>
 <integer>1</integer>
 <key>SetSSOURL</key>
 <string>success</string>
 <key>MeetingReminder</key>
 <integer>1</integer>
 <key>mandatory:SyncMeetingFromCalendar</key>
 <integer>0</integer>
 <key>mandatory:TurnOffVideoCameraOnJoin</key>
 <integer>0</integer>
</dict>

Sample XML for AirWatch

<managedAppConfiguration>
    <version>1.2.10</version>
    <bundleId>us.zoom.videomeetings</bundleId>
    <dict>
        <integer keyName="ForceLoginWithSSO">
           <defaultValue>
                <value>1</value>
          </defaultValue>
       </integer>
       <string keyName="SetSSOURL">
           <defaultValue>
               <value>success</value>
           </defaultValue>
       </string>
       <integer keyName="MeetingReminder">
           <defaultValue>
               <value>1</value>
           </defaultValue>
       </integer>
       <integer keyName="mandatory:SyncMeetingFromCalendar">
          <defaultValue>
                <value>0</value>
           </defaultValue>
       </integer>
       <integer keyName="mandatory:TurnOffVideoCameraOnJoin">
            <defaultValue>
                <value>0</value>
          </defaultValue>
      </integer>
    </dict>
</managedAppConfiguration>

What you need to do to configure Intune

How to install the Intune Company Portal on a user’s device

  1. Make sure your users have the Intune Company Portal app installed on their smartphones.
  2. The Company Portal app needs to be signed in for your users to use, and any instructions in the app should be followed so that the app can manage their devices.
  3. It is recommended that you instruct your users to install Zoom through the Intune Company Portal application.

What are the steps involved in applying a configuration policy

  1. Sign into the Microsoft 365 Device Management dashboard by using your Microsoft account.
  2. Select Client apps from the left-hand navigation menu, then select App configuration policies from the left-hand navigation menu.
  3. You are then asked to provide your configuration information as follows:
    • Name: Make sure you give your configuration a name.
    • Description: Describe your configuration so that others can find it easily.
    • Device enrollment type: Select Managed devices.
    • Platform: Select iOS.
    • Associated app: Make sure you choose the ZOOM Cloud Meetings App Store.
  4. Click Configuration settings.
  5. Select Enter XML Data from the drop-down menu for Configuration settings format.
  6. You can set the configuration options by typing in the text box.
  7. Click OK.

What is the process for assigning configuration policies to a group?

  1. Go to the left-side panel and click Assignments.
  2. Then click Select groups to include in your assignment.
  3. To add a group to the list, you will have to search for a group you would like to apply the policy to and click their name.
  4. Next, click Select.
  5. You will then be asked to click Save in order to apply your policy to the selected groups.
    If the configuration has not been pushed to all of your devices, it may take several minutes for it to be done.