ZDM for Zoom desktop and mobile clients

This post was most recently updated on July 22nd, 2022

There is an expansion of Zoom Device Management, which allows administrators to configure client behavior based on device-specific policies through the Zoom desktop and mobile clients. This is a great advancement in the Zoom Device Management process. In the event that these policies are applied to a client, they will always have the same effect on how the client behaves, no matter who the user is logged in as. A system like MSI/GPO, or another similar process, must be used to distribute and apply these settings manually. As a result of Zoom Device Management (ZDM), enterprise administrators will be able to manage their clients via the Zoom web portal. Clients can be grouped according to their needs, and policies can be applied to certain groups of clients. The ZDM policy management tool is compatible with Windows, macOS, Linux, iOS, and Android systems.

Notes:

  • It is possible to run a report once you have enrolled your devices in Zoom, in order to get a detailed list of the clients that you are managing.
  • Users’ ZDM settings are not specific to their devices or clients, they are specific to their ZDM settings.

The following topics are covered in this article:

  • How to create device groups to managed your Zoom desktop and mobile clients
  • How to access the enrollment token to enroll a Zoom desktop and mobile clients
  • How to deploy the enrollment token
    • Deploying the enrollment on Windows devices
      • Using MSI
      • Using GPO
    • Deploying the enrollment token on macOS devices using PLIST
    • Deploying the enrollment token on Linux devices using config file
    • Deploying the enrollment token on Android devices using MDM
    • Deploying the enrollment token on iOS devices using MDM
  • How to unenroll a device from ZDM
  • How to delete a device group
  • How to change group settings for your managed Zoom desktop and mobile clients

Prerequisites for Zoom Device Management for Zoom desktop and mobile clients

  • Accounts for enterprises
  • Ownership or administrative privileges of an account
  • Zoom desktop client
    • Windows: 5.8.3 or higher
    • macOS: 5.8.3 or higher
    • Linux: 5.8.3 or higher
  • Zoom mobile client
    • Android: 5.8.3 or higher
    • iOS: 5.8.3 or higher

Note: If you would like this feature enabled, please contact Zoom Support. In order to ensure that the feature will be enabled within three business days of contacting support, please allow up to three business days.

How to create device groups to manage your Zoom desktop and mobile clients

In order to ensure each team or department has access to the features they need, different groups will need to be set up so you can divide your managed devices according to their security requirements and apply policies according to their needs. Upon creating a group, a token will automatically be generated, as soon as the group has been created. In order to enroll your devices into ZDM, you will need to create a minimum of one group.

Note: In order to access your enrollment token, please refer to the section How to access an enrollment token on our website.

  1. Log into the Zoom web portal as an administrator in order to access the Zoom web portal.
  2. Select Device Management from the navigation menu, then select Device List from the Device List drop-down menu.
  3. In the Groups tab, click the + Add Group link and then switch to the Groups tab.
  4. The name of the group should be entered in the Group Name box.
  5. You may enter a description of the group in the Description box (optional).
  6. Once you have completed the process, click the Finish button.
  7. You can create another group by clicking Save & Add Another (optional).

How to access the enrollment token to enroll a Zoom desktop and mobile client

The unique token created for each group of devices can now be accessed once your device groups have been created. In order to enroll the device to the corresponding device group, the token must be deployed to the desktop client or mobile app in order for it to function.

  1. Make sure that you are logged into the Zoom web portal as an administrator.
  2. To access the Device List, click on the Device Management link in the navigation menu.
  3. The Groups tab can be accessed by clicking on the Edit button to the right of any group that you are interested in editing.
  4. To access your profile, click on the Profile tab.
  5. The following steps need to be taken under the Enrollment section:
    • The enrollment configuration file for devices running Windows can be downloaded if you are enrolling them.
    • You need to click on Copy next to the token generated for this group if you are enrolling devices that run operating systems other than Windows.
      Notes:

      • You will be able to copy the token to your clipboard once you click on the button.
      • As an alternative to using the clipboard, if you wish to copy and paste the token manually rather than using the clipboard, you can do so.

How to deploy the enrollment token

Having generated your enrollment token, it is now time for you to deploy it to the managed installations you have created in your environment. By using the SetEnrollToken4CloudMDM Key, you can set the enrollment token so that it can be used by the Cloud MDM system. Depending on your operating system, you can refer to the following examples:

Deploying the enrollment token on Windows devices

In order to enroll your devices, you can push a configuration file to your MSI/GPO process in order to enroll the devices. In order to copy your token to your key, here are some examples that you can use:

Using MSI

If you were to deploy the MSI as follows; replacing *Token> with the token that has been generated, the deployment would be as follows:

msiexec /i ZoomInstallerFull.msi with the location of the ZoomConfig value “SetEnrollToken4CloudMDM=*Token>”

Note: Please refer to the MSI deployment support article for more detailed information on MSI deployment, which is available on Microsoft‘s website.

Using GPO

It would be as simple as this to deploy a GPO, replacing *Token> with what you generated during the step above:

“SetEnrollToken4CloudMDM”=”” “Token” “*Token>”‘”

Specifically, this configuration key and value will be contained within a configuration file located in the following location:

I found the following registry key: “HKCU/SOFTWARE/Policies/Zoom/Zoom Meetings/General” in HKEY_LOCAL_MACHINE

Note: There is a support article for Group Policy options for Windows that has more detailed information about the deployment of GPOs.

Deploying the enrollment token on macOS devices using PLIST

As an example of how you might deploy a plist in this manner, you would replace *Token> with the token you have generated:

<?xml version=”1.0″ encoding=”UTF-8″?>

<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>

<plist version=”1.0″>

<dict>

<key>SetEnrollToken4CloudMDM</key>

<string><Token></string>

</dict>

</plist>

Note: PLIST deployment for macOS is detailed in the support article for mass installation for macOS, which you can refer to for more information.

Deploying the enrollment token on Linux devices using config file

It would be possible to deploy your token in such a way that you would simply replace <Token> with the one you generated.

SetEnrollToken4CloudMDM=”<Token>”

There is a configuration key and value that should be set in this file in order to achieve this configuration:

~/.config/zoomus.conf

Deploying the enrollment token on Android devices using MDM

Through AirWatch, Microsoft Intune, and Google Workspace, Zoom’s Android App can be deployed to managed devices in your organization. The method that you choose will need to be configured as mandatory – SetEnrollToken4CloudMDM, and the configuration value for that key will be the token that you created when you created this device/group of devices.

The following is an example of the XML file that would be used for deploying through Intune, where you will replace <Token> with the one you generated:

<dict>

<key>SetEnrollToken4CloudMDM</key>

<string><Token></string>

</dict>

Note: You can refer to the MDM for Android support article for more detailed information about the deployment of MDM for Android.

Deploying the enrollment token on iOS devices using MDM

Using AirWatch and Intune, Zoom can be deployed to managed devices in conjunction with the Zoom App for iOS. The configuration key for SetEnrollToken4CloudMDM would need to be set, along with the configuration value, for the endpoint you created for this device/group of devices. No matter which method you choose, you will need to set a configuration key called SetEnrollToken4CloudMDM.

It is possible to create an example XML for deployment via AirWatch by replacing the token you generated with the following, for example:

<managedAppConfiguration>

<version>1.2.10</version>

<bundleId>us.zoom.videomeetings</bundleId>

<dict>

<string keyName=”SetEnrollToken4CloudMDM”>

<defaultValue>

<value><Token></value>

</defaultValue>

</string>

</dict>

</managedAppConfiguration>

Note: It is strongly recommended that you refer to the MDM for iOS support article if you would like more information regarding MDM deployment for Android.

How to unenroll a device from ZDM

It is possible to unenroll a device at any point in time after it has been enrolled in ZDM.

  1. SetEnrollToken4CloudMDM is a command that has been deployed by MSI/GPO/PLIST/MDM to clear all the token values set when the tokens are deployed.
  2. You will need to log in as an administrator to the Zoom web portal.
  3. You can access the Device List by clicking on the Device Management link in the navigation menu.
  4. Click on the empty box to the left of the device you wish to unenroll, then identify the device you wish to unenroll.
  5. You can select the option to unenroll the device by clicking the ellipsis button located in the upper-right corner of the device list.

How to delete a device group

It is possible to delete a group at any time after it has been created. If a group is deleted, then all enrollment tokens associated with that group will automatically be deleted as well.

Note: It is possible to select as many groups as you wish to delete at once if you wish to delete several at once.

  1. In order to access Zoom, you need to sign in as an administrator.
  2. Click on Device management from the navigation menu, then click on Device List from the Device Management menu.
  3. Go to the Groups tab and click on it.
  4. Click the empty box left of the group you want to delete. You will then be able to delete that group from your account.
  5. To delete the tab, you need to click on the Delete button at the top right corner.
  6. To confirm the deletion of the file, click the Delete button in the pop-up window that appears.

How to change group settings for your managed Zoom desktop and mobile clients

Visit the Changing group settings for ZDM managed clients for more information.