ZDM for Zoom desktop and mobile clients
There is an extension to Zoom device management that allows administrators to configure client behavior based on device-specific policies across Zoom’s desktop and mobile clients. This is a major advancement in the Zoom device management process. If these policies are applied to a client, they always have the same effect on the client’s behavior, regardless of who the user is logged in as. A system like MSI/GPO or a similar process must be used to manually distribute and apply these settings. As a result of Zoom Device Management (ZDM), enterprise administrators can manage their clients through the Zoom web portal. Clients can be grouped according to their needs, and policies can be applied to specific groups of clients. ZDM policy management tool is compatible with Windows, macOS, Linux, iOS and Android systems.
Remarks:
- It is possible to generate a report after registering your devices with Zoom to get a detailed list of the clients you manage.
- Users’ ZDM settings are not specific to their devices or clients, they are specific to their ZDM settings.
The following topics are covered in this article:
- How to create device groups to manage your Zoom desktop and mobile clients
- How to access the registration token to register a Zoom desktop and mobile client
- How to provide the registration token
- Deploy the enrollment to Windows devices
- Deploying the enrollment token on macOS devices with PLIST
- Deploying the registration token to Linux devices using the configuration file
- Deploy enrollment token to Android devices with MDM
- Deploy enrollment token on iOS devices with MDM
- How to deregister a device from ZDM
- How to delete a device group
- How to change group settings for your managed Zoom desktop and mobile clients
Zoom device management requirements for Zoom desktop and mobile clients
- accounts for companies
- Ownership or administrative rights of an account
- Zoom desktop client
- Windows: 5.8.3 or higher
- macOS: 5.8.3 or higher
- Linux: 5.8.3 or higher
- Mobile Zoom client
- Android: 5.8.3 or higher
- iOS: 5.8.3 or later
Note: If you would like to enable this feature, please contact Zoom Support. To ensure the feature activates within three business days of contacting support, please allow up to three business days.
How to create device groups to manage your Zoom desktop and mobile clients
To ensure each team or department has access to the features they need, different groups need to be set up so you can segment your managed devices according to their security needs and apply policies according to their needs. When creating a group, a token is automatically generated once the group is created. In order to register your devices with ZDM, you must create at least one group.
Note: To access your registration token, please see the Accessing a Registration Token section of our website.
- Sign in to the Zoom web portal as an administrator to access the Zoom web portal.
- Select Device Management from the navigation menu and then Device List from the Device List drop-down menu.
- On the Groups tab, click the + Add Group link, then go to the Groups tab.
- The name of the group should be entered in the Group Name field.
- You can enter a description of the group in the Description field (optional).
- When you have completed the process, click on the Finish button.
- You can create another group by clicking Save & Add Another (optional).
How to access the registration token to register a Zoom desktop and mobile client
The unique token created for each device group is now accessible once your device groups have been created. To enroll the device to the appropriate device group, the token must be provided on the desktop client or mobile app in order for it to work.
- Make sure you are logged in as an administrator on the Zoom web portal.
- To access the device list, click the Device Management link in the navigation menu.
- The Groups tab can be accessed by clicking the Edit button to the right of each group you want to edit.
- To access your profile, click on the Profile tab.
- The following steps must be performed under the Registration section:
- The enrollment configuration file for devices running Windows can be downloaded when you enroll them.
- You must click Copy next to the token generated for this group when enrolling devices running non-Windows operating systems.
Remarks:- You can copy the token to your clipboard once you click the button.
- As an alternative to using the clipboard, you can copy and paste the token manually instead of using the clipboard.
How to provide the registration token
Now that you’ve generated your registration token, it’s time to deploy it to the managed installations you’ve created in your environment. You can use the SetEnrollToken4CloudMDM key to set the enrollment token to be used by the Cloud MDM system. Depending on your operating system, you can refer to the following examples:
Deploy the enrollment token to Windows devices
To enroll your devices, you can send a configuration file to your MSI/GPO process to enroll the devices. Here are some examples you can use to copy your token to your key:
With MSI
If you would deploy the MSI like this; If you replace *Token> with the generated token, the deployment would look like this:
msiexec /i ZoomInstallerFull.msi with location of ZoomConfig value “SetEnrollToken4CloudMDM=*Token>”
Note: For more detailed information on MSI deployment, see the MSI Deployment Support article available on the Microsoft website.
Use GPO
It would be as simple as providing a GPO and replacing *Token> with what you generated in the step above:
“SetEnrollToken4CloudMDM”=”” “Token” “*Token>”‘”
In particular, this configuration key and value are contained in a configuration file located in the following location:
I found the following registry key: “HKCU/SOFTWARE/Policies/Zoom/Zoom Meetings/General” in HKEY_LOCAL_MACHINE
Note: There is a support article for Group Policy Options for Windows with more detailed information on deploying GPOs.
Deploying the enrollment token on macOS devices with PLIST
As an example of how you might provide a plist this way, you would replace *Token> with the token you generated:
Note: PLIST deployment for macOS is detailed in the Bulk Install for macOS support article, which you can refer to for more information.
Deploying the registration token to Linux devices using the configuration file
It would be possible to provide your token in such a way that you simply
SetEnrollToken4CloudMDM=”
There is a configuration key and value that should be set in this file to achieve this configuration:
~/.config/zoomus.conf
Deploy enrollment token to Android devices with MDM
The Zoom Android app can be deployed to managed devices in your organization through AirWatch, Microsoft Intune, and Google Workspace. The method you choose must be configured as mandatory – SetEnrollToken4CloudMDM, and the configuration value for this key is the token you created when you created this device/group of devices.
The following is an example of the XML file used for deployment via Intune, where you
Note: For more detailed information on deploying MDM for Android, see the MDM for Android support article.
Deploy enrollment token on iOS devices with MDM
With AirWatch and Intune, Zoom can be deployed to managed devices in conjunction with the Zoom app for iOS. The SetEnrollToken4CloudMDM configuration key would need to be set along with the endpoint configuration value that you created for this device/device group. Whichever method you choose, you must set a configuration key called SetEnrollToken4CloudMDM.
It is possible to create a sample XML for deployment via AirWatch by replacing the token you generated with something like:
Note: It is highly recommended that you read the MDM for iOS support article for more information on MDM deployment for Android.
How to deregister a device from ZDM
It is always possible to deregister a device after it has been registered in the ZDM.
- SetEnrollToken4CloudMDM is a command provided by MSI/GPO/PLIST/MDM to clear all token values set when the tokens were deployed.
- You must log in to the Zoom web portal as an administrator.
- You can access the device list by clicking the Device Management link in the navigation menu.
- Click the empty box to the left of the device you want to deregister, and then identify the device you want to deregister.
- You can select the option to deregister the device by clicking the ellipsis button in the upper-right corner of the device list.
How to delete a device group
It is always possible to delete a group after it has been created. When a group is deleted, all registration tokens associated with that group are automatically deleted as well.
Note: It is possible to delete any number of groups at once if you want to delete several at once.
- To access Zoom, you must log in as an administrator.
- Click Device Management on the navigation menu, and then click Device List on the Device Management menu.
- Go to the Groups tab and click on it.
- Click the empty space to the left of the group you want to delete. You can then delete that group from your account.
- To delete the tab, you need to click the Delete button in the top right corner.
- To confirm deleting the file, click the Delete button in the pop-up window that appears.
How to change group settings for your managed Zoom desktop and mobile clients
For more information, see Modifying Group Settings for ZDM Managed Clients.
