| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Add a timestamp to meeting recordings |
Add a timestamp to meeting recordings. |
|
AccountSettings should have recording.show_timestamp eq true |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Ensure 'Identify guest participants in the meeting/webinar' is enabled |
Participants who belong to your account can see that a guest is participating in the meeting/webinar. |
|
AccountSettings should have in_meeting.alert_guest_join eq true |
| Allow participants to rename themselves |
Allow meeting participants and webinar panelists to rename themselves. This option is required to identify participants in a meeting that does not require registration. This option also allows participants to rename themselves to help others identify who they are. |
|
AccountSettings should have in_meeting.allow_participants_to_rename eq true |
| Allow recovery of deleted cloud recordings |
Allow the recovery of deleted cloud recordings. Deleted cloud recordings will remain in the trash for up to 30 days. |
|
AccountSettings should have recording.allow_recovery_deleted_cloud_recordings eq true |
| Notify host when an alternative host is set or removed from a meeting |
When an alternative host is set or removed from a meeting, notify the host. |
|
AccountSettings should have email_notification.alternative_host_reminder eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Automatically save recorded meetings to the cloud |
Automatically record and save meetings to the cloud to capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording eq "cloud" |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Enable breakout rooms during a meeting |
Allow host to assign participants to breakout rooms during a meeting. |
|
AccountSettings should have in_meeting.breakout_room eq true |
| Notify host and participants when a meeting is cancelled |
Notify host and participants when the meeting is cancelled. |
|
AccountSettings should have email_notification.cancel_meeting_reminder eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Notify the host when a cloud recording is available |
Notify the host when a cloud recording is available. Once a recording is available, the host can validate that the recording does not contain sensitive or confidential data before sharing it. |
|
AccountSettings should have email_notification.cloud_recording_available_reminder eq true |
| Enable downloading cloud recordings |
Allow anyone with a link to the meeting's cloud recording to download the recording. |
|
AccountSettings should have recording.cloud_recording_download eq true |
| Enable recording meetings to the cloud |
Allow hosts to record and save the meeting/webinar in the cloud. |
|
AccountSettings should have recording.cloud_recording eq true |
| Enable co-hosts |
Allow the host to add co-hosts. Co-hosts have the same in-meeting controls as the host. |
|
AccountSettings should have in_meeting.co_host eq true |
| Embed passcode in meeting links to allow joining with a single click |
The meeting passcode will be encrypted and included in the invite link to allow participants to join with just one click without having to enter the passcode. |
|
AccountMeetingSecurity should have meeting_security.embed_password_in_join_link eq true |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Allow users to provide feedback to Zoom |
Add a Feedback tab to the Windows Settings or Mac Preferences dialog, and also enable users to provide feedback to Zoom at the end of the meeting. |
|
AccountSettings should have in_meeting.feedback eq true |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Notify the host when participants join the meeting before them |
Notify host when participants join the meeting before them. |
|
AccountSettings should have email_notification.jbh_reminder eq true |
| Enable participants to join a meeting through their browser |
Allow participants to bypass downloading the Zoom client and to join a meeting directly from their browser instead. |
|
AccountSettings should have in_meeting.show_a_join_from_your_browser_link eq true |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Enable local recording of meetings |
Allow hosts and participants to record the meeting to a local file. |
|
AccountSettings should have recording.local_recording eq true |
| Disable meeting reactions |
Allow meeting participants to communicate without interrupting by reacting with an emoji that shows on their video. Reactions disappear after 10 seconds. Participants can change their reaction skin tone in Settings. This option can be misused by mischievous participants. |
|
AccountSettings should have in_meeting.meeting_reactions eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Ensure only authenticated users can join meetings |
Ensure only authenticated users can join meetings. This requires participants to authenticate prior to joining meetings. Hosts can choose an authentication method when scheduling the meeting. |
|
AccountSettings should have schedule_meeting.enforce_login eq true |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Allow hosts to add polls/quizzes to a meeting |
This allows hosts to add polls/quizzes before or during a meeting in order to survey the attendees. Polls also enable the host to validate if participants are engaged in the meeting. |
|
AccountSettings should have in_meeting.polling eq true |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Record an audio-only file during meeting recordings |
Record an audio-only file while recording the meeting. This is useful when evidence of an untampered audio file is needed. |
|
AccountSettings should have recording.record_audio_file eq true |
| Record the gallery view along with the shared screen for cloud recordings. |
Record the gallery view along with the shared screen for cloud recordings. |
|
AccountSettings should have recording.record_gallery_view eq true |
| When someone joins by phone, ask to record their voice to use as the notification sound |
When a user joins by phone, ask them to record their own voice to use as a notification sound |
|
AccountSettings should have in_meeting.record_play_own_voice eq true |
| Save chat messages from the meeting/webinar when recording a meeting |
Save chat messages from the meeting/webinar when recording a meeting. |
|
AccountSettings should have recording.save_chat_text eq true |
| Record the active speaker along with the shared screen |
Record the active speaker along with the shared screen. |
|
AccountSettings should have recording.record_speaker_view eq true |
| Add a timestamp to meeting recordings |
Add a timestamp to meeting recordings. |
|
AccountSettings should have recording.show_timestamp eq true |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Enable reminder when someone schedules a meeting for a host |
When someone schedules a meeting for a host, notify the host if there is a meeting that is scheduled, rescheduled, or cancelled. This is helpful to monitor who has permissions to schedule a meeting on behalf of the host. |
|
AccountSettings should have email_notification.schedule_for_reminder eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure screen sharing is enabled |
Allow the host and participants to share their screen or content during meetings. |
|
AccountSettings should have in_meeting.screen_sharing eq true |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Ensure meeting controls are always shown |
Always show meeting controls during a meeting. This helps both hosts as well as participants in situations when they may need to quickly access their controls. |
|
AccountSettings should have in_meeting.show_meeting_control_toolbar eq true |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Show Zoom windows during screen share |
Show Zoom windows during screen share so the host can quickly mute or remove participants from the meeting. |
|
AccountSettings should have in_meeting.allow_show_zoom_windows eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Use HTML formatted emails when sending meeting invitations with the Outlook plugin |
Use HTML formatting instead of plain text for meeting invitations scheduled with the Outlook plugin. |
|
AccountSettings should have in_meeting.use_html_format_email eq true |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable virtual backgrounds |
Use a virtual background to keep your environment private from others in a meeting. |
|
AccountSettings should have in_meeting.virtual_background eq true |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Ensure only authenticated users can join meetings |
Ensure only authenticated users can join meetings. This requires participants to authenticate prior to joining meetings. Hosts can choose an authentication method when scheduling the meeting. |
|
AccountSettings should have schedule_meeting.enforce_login eq true |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Ensure only authenticated users can join meetings |
Ensure only authenticated users can join meetings. This requires participants to authenticate prior to joining meetings. Hosts can choose an authentication method when scheduling the meeting. |
|
AccountSettings should have schedule_meeting.enforce_login eq true |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Add a timestamp to meeting recordings |
Add a timestamp to meeting recordings. |
|
AccountSettings should have recording.show_timestamp eq true |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Add a timestamp to meeting recordings |
Add a timestamp to meeting recordings. |
|
AccountSettings should have recording.show_timestamp eq true |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
| Description |
Service |
Rule |
| Enable watermarks for meetings |
Adding a watermark enables author accreditation. Each attendee sees a portion of their own email address embedded as a watermark in any shared content and on the video of the participant who is sharing their screen. This option requires enabling “Only signed-in users can join the meeting” or “Only signed-in users with specified domains can join meetings”. |
|
AccountSettings should have in_meeting.watermark eq true |
| Disable annotations while screen sharing |
Disable the use of annotation tools while screen sharing. |
|
AccountSettings should have in_meeting.annotation eq false |
| Enable automatic recording of meetings |
Record meetings automatically as they start. This can capture evidence if any incidents occur during a meeting. |
|
AccountSettings should have recording.auto_recording in ("local", "cloud") |
| Enable auto saving chats |
Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. |
|
AccountSettings should have in_meeting.auto_saving_chat eq true |
| Disable the auto-answer group feature in chat |
Disable the auto-answer group feature in chat. |
|
AccountSettings should have in_meeting.auto_answer eq false |
| Disable sending files through in-meeting chat |
Disable the feature where hosts and participants can send files through the in-meeting chat. |
|
AccountSettings should have in_meeting.file_transfer eq false |
| Disable closed captioning |
Disable the feature where the host can type closed captions, or assign a participant/third party device to add closed captions. |
|
AccountSettings should have in_meeting.manual_captioning.manual_captions eq false |
| Disable far end camera control |
Disable the feature where another user can control your camera during a meeting. |
|
AccountSettings should have in_meeting.far_end_camera_control eq false |
| Hide billing information from administrators |
Hide billing information from administrators. |
|
SecuritySettings should have hide_billing_info eq true |
| Ensure the host cannot delete cloud recordings |
Recordings cannot be deleted by the host; only administrators can delete them. |
|
AccountSettings should have recording.host_delete_cloud_recording eq false |
| Do not start meetings with the host's video turned on |
Does not require the host's video to be turned on when the host starts a meeting. |
|
AccountSettings should have schedule_meeting.host_video eq false |
| Disable importing photos from the user's device |
Disable users from importing photos from their device. |
|
SecuritySettings should have import_photos_from_devices eq false |
| Disable the in-meeting chat functionality |
Do not allow meeting participants to send messages that are visible to all participants. |
|
AccountSettings should have in_meeting.chat eq false |
| Disable joining before host |
Do not allow participants to join a meeting before the host arrives. Otherwise, unwanted users cannot be removed or muted until the host arrives, which may prove disruptive to other attendees. Locking this setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.join_before_host eq false |
| Disable live streaming meetings |
Disable live streaming meetings. |
|
AccountSettings should have in_meeting.allow_live_streaming eq false |
| Always display ‘Zoom Meeting’ as the meeting topic |
Hide the actual meeting topic and display the text “Zoom Meeting”, for your scheduled meetings. This helps keep the meeting topic confidential by not displaying it publicly. |
|
AccountSettings should have schedule_meeting.not_store_meeting_topic eq true |
| Only account admins can change users' names and profile pictures |
Only account admins can change licensed users' names and profile pictures. |
|
SecuritySettings should have admin_change_user_info eq true and user_modifiable_info_by_admin has ( "name" ) and user_modifiable_info_by_admin has ( "profile_picture" ) |
| Only the host can download cloud recordings |
Enable the “Only the host can download cloud recordings” option to block others from downloading cloud recordings. |
|
AccountSettings should have recording.cloud_recording_download_host eq true |
| Disable the peer-to-peer connection feature |
Do not allow users to directly connect to one another in a 2-person meeting. |
|
AccountSettings should have in_meeting.p2p_connetion eq false |
| Ensure Personal Meeting IDs are enabled |
A Personal Meeting ID (PMI) is a dedicated 9-11 digit number which is assigned to each individual's account when the account is created. This becomes the user's personal meeting room. |
|
AccountSettings should have schedule_meeting.personal_meeting eq true |
| Require a passcode for Personal Meeting ID meetings |
All PMI (Personal Meeting ID) meetings should be passcode-protected. This increases security by ensuring that no one can join a PMI meeting unless they also provide that meeting's passcode. |
|
AccountSettings should have schedule_meeting.require_password_for_pmi_meetings eq "all" |
| Prevent hosts from accessing their cloud recordings |
Prevent hosts from viewing their meetings' cloud recordings. Only admins with recording management privilege will be able to access cloud recordings. |
|
AccountSettings should have recording.prevent_host_access_recording eq true |
| Disable private messaging between meeting participants |
Do not allow meeting participants to send a private 1:1 message to another participant. |
|
AccountSettings should have in_meeting.private_chat eq false |
| Add a timestamp to meeting recordings |
Add a timestamp to meeting recordings. |
|
AccountSettings should have recording.show_timestamp eq true |
| Disable remote control of shared content |
Do not allow a meeting participant who is sharing their screen to allow others to control the shared content. |
|
AccountSettings should have in_meeting.remote_control eq false |
| Allow meeting participants to request permission to unmute other participants |
Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person. |
|
AccountSettings should have in_meeting.request_permission_to_unmute_participants eq true |
| Require a strong passcode |
Enforce the following requirements for a strong passcode: passcodes should have at least 1 letter, at least 1 number, at least 1 special character, have both uppercase and lowercase letters, have no consecutive characters, and be at least 6 characters. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.length gte 6 and meeting_security.meeting_password_requirement.only_allow_numeric eq false and meeting_security.meeting_password_requirement.have_letter eq true and meeting_security.meeting_password_requirement.have_number eq true and meeting_security.meeting_password_requirement.have_special_character eq true and meeting_security.meeting_password_requirement.have_upper_and_lower_characters eq true and meeting_security.meeting_password_requirement.consecutive_characters_length gte 4 |
| Require a passcode for instant meetings |
A random passcode will be generated when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false and schedule_meeting.require_password_for_instant_meetings eq true |
| Require a passcode for participants joining by phone |
A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. |
|
AccountMeetingSecurity should have meeting_security.phone_password eq true |
| Require a passcode when scheduling new meetings |
Require a passcode when scheduling new meetings. A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. |
|
AccountSettings should have schedule_meeting.require_password_for_scheduling_new_meetings eq true |
| Require passcode to access shared cloud recordings |
Passcode protection will be enforced for shared cloud recordings. This setting is applicable for newly generated recordings only. |
|
AccountSettings should have recording.required_password_for_shared_cloud_recordings eq true |
| Ensure only the host can share their screen |
Ensure that only the host can share their screen during a meeting. |
|
AccountSettings should have in_meeting.who_can_share_screen eq "host" |
| Ensure only the host can start sharing their screen while someone else is already sharing |
Only the host can share their screen while someone else is already sharing. |
|
AccountSettings should have in_meeting.who_can_share_screen_when_someone_is_sharing eq "host" |
| Only show the user's default email client when sending email invites |
Only allow users to use their default email client to invite participants by email. |
|
AccountSettings should have in_meeting.sending_default_email_invites eq true |
| Do not start meetings with participants' videos turned on |
Start meetings with participants' videos turned off. Participants can change this during the meeting. This ensures people joining a meeting do not have their camera on without them realizing. Locking the setting ensures no one changes this when creating a meeting. |
|
AccountSettings should have schedule_meeting.participant_video eq false |
| Require a strong user password |
Enforce the following requirements for a strong user password: passwords should have at least 1 special character, have no consecutive characters, and be at least 9 characters. Also enable enhanced weak password detection. |
|
SecuritySettings should have password_requirement.consecutive_characters_length gte 4 and password_requirement.minimum_password_length gte 9 and password_requirement.have_special_character eq true and password_requirement.weak_enhance_detection eq true |
| Require encryption for third-party endpoints (SIP/H.323) |
By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client, and Zoom Room. Turn on this setting to require encryption for third-party endpoints (SIP/H.323) as well. |
|
AccountSettings should have in_meeting.e2e_encryption eq true |
| Disable uploading custom virtual backgrounds |
Disable users from uploading custom backgrounds to use for their virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_upload_custom eq false |
| Disable using the Personal Meeting ID (PMI) when starting an instant meeting |
Do not use the Personal Meeting ID (PMI) when starting an instant meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_instant_meetings eq false |
| Disable using the Personal Meeting ID (PMI) when scheduling a meeting |
Do not use the Personal Meeting ID (PMI) when scheduling a meeting. This ensures a new meeting ID is used for newly scheduled meetings. Disruptive users would not be able to use the older meeting ID (the PMI) to join a new meeting. |
|
AccountSettings should have schedule_meeting.use_pmi_for_scheduled_meetings eq false |
| Disable the use of videos for virtual backgrounds |
Disable the use of videos for virtual backgrounds. |
|
AccountSettings should have in_meeting.virtual_background eq false or in_meeting.virtual_background_settings.allow_videos eq false |
| Enable waiting room |
When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting that allows participants to join before the host does. |
|
AccountMeetingSecurity should have meeting_security.waiting_room eq true |
| Place all users in the meeting's waiting room |
Ensure that all users are placed in the meeting waiting room. |
|
AccountMeetingSecurity should have meeting_security.waiting_room_settings.participants_to_place_in_waiting_room eq 0 |
| Enable weak passcode detection |
Enabling the option to use “enhanced weak passcode detection” detects and informs users if their passcode is weak, enabling them to change their passcode to a stronger one. |
|
AccountMeetingSecurity should have meeting_security.meeting_password_requirement.weak_enhance_detection eq true |
| Disable the whiteboard feature |
Disable host and participants from sharing a whiteboard during a meeting. |
|
AccountSettings should have in_meeting.whiteboard eq false |
