Using QoS DSCP Marking in Zoom app

This post was most recently updated on July 23rd, 2022

In order to decide how network data traffic is classified, the Quality of Service (QoS) DSCP Marking method is used. By using this method, it is possible to determine which network traffic requires a higher amount of bandwidth, has a higher priority, and is probably more likely to experience packet loss.

For audio and video, the default Zoom DSCP marking values are 56, while for screen sharing, the default values are 40. As a network administrator, you can adjust the priority for Zoom traffic on your network by updating the audio and video value settings.

It is important that you re-deploy the MSI after configuring the DSCP markings if you have deployed Zoom through an MSI installation. There will need to be a re-deployment of the MSI if the DSCP markings change at any point in time.

Note: DSCP markings only apply to Zoom meetings. Zoom Phone does not provide QoS on an application-layer basis.

The following requirements must be met before QoS DSCP Marking can be used

  • It is available as an IT Admin deployment (.pkg file) for Zoom desktop client for macOS.
  • IT Admin deployment (MSI) for Zoom desktop client for Windows is available.

Note:

In order for the DSCP Marking to be effective, Zoom will need to be run as administrator if it is deployed via a .msi installation. On the other hand, if you used Group Policy to manage the DSCP marking process, the client didn’t need administrator privileges to run.

DSCP in Zoom – how to enable it

To enable DSCP marking for all users in the account, please follow these steps:

  1. As an admin, you will have the ability to edit the Zoom account settings via the Zoom web portal after signing in.
  2. Simply click on Account Management then Account Settings from the navigation panel.
  3. Click on the Meetings tab.
  4. Make sure that the DSCP marking option is enabled under In Meeting (Advanced).
  5. In case the setting is disabled, simply click the toggle switch to enable it. Click Turn On when a confirmation dialog box appears in order to make sure the change was successful.
  6. It is optional to set this setting to mandatory for all users in your account, so you can make it mandatory by clicking the lock icon and then clicking Lock.
  7. Update and input values for Audio and Video.
  8. Click Save.
    This setting will not take effect if you install the Windows clients using the EXE file as you will not have direct access to the settings. It is necessary to install the Zoom client for Windows using an MSI file (download Zoom client for IT administrators). Please refer to the mass deployment for Windows section for further information.

Using group policy, you can set up DSCP Marking

As a result of Microsoft updates, the Windows client must be run as an administrator in order for it to be able to use the DSCP Marking feature. However, if the application is not running with administrative privileges, then the QoS policies of Group Policy can be used to monitor the client if the Windows client is not running with administrative privileges.

The following steps must be followed in order to set DSCP Marking through a Group Policy:

  1. Configure Zoom MSI client for Independent Data Ports either by enabling them on the server side or on the client side
    • You will need to add the variable EnableIndependentDataPort=1 to the installation string.
    • Adding the variable “EnableIndependentDataPort”=dword:00000001 to the Group Policy Object (GPO) for the Zoom app is critical.
      Note:
    •  Visit Mass Installation and Configuration for Windows for more information on the steps involved in deploying the Zoom client with this variable enabled.
  2. It is important that you open up the Group Policy Management Console (GPMC) and edit the Group Policy Object (GPO) that you wish to edit.
  3. You can do this by clicking Create new policy…
  4. The policy name that you wish to edit.
  5. Set the desired DSCP value for Zoom traffic by checking the Specify DSCP Value check box, and then entering the desired DSCP value.
  6. Click on the Next button.
  7. If you choose Restrict applications to only use this executable name, then you will have to change the executable name to Zoom.exe.
  8. Click Next.
  9. Make sure you leave the IP address settings at the default value.
  10. Also, please make sure that both TCP and UDP are selected in the protocol settings.
  11. Click on the Finish button after leaving the default port settings unchanged.
  12. Reboot the devices that are affected by the new Group Policy after it has been applied.
    Ensure that you are seeing marked packets on the Zoom Windows client once you have joined the meeting and the Zoom meeting server is sending them to the Zoom client.