Securing Zoom Meetings


Zoom has seen an increased risk of incidents of abuse caused by unwelcome visitors disrupting virtual meetings with inappropriate behaviour.  There are several ways of protecting your meetings from unwanted guests by configuring settings while creating or scheduling them.  Described here are a few tools which when alone or combined will greatly reduce the chances of encountering these issues.

Before Your Meeting

When scheduling or editing meetings, be aware that some settings are only accessible through the web interface, and cannot be configured through the Zoom desktop client.  In most cases, these recommended configuration settings can be assigned to individual meetings or assigned to defaults for all future meetings.


This article covers the following points:

  1. Disable "Join before host"
  2. Enable only authenticated users to join
  3. Enable waiting room
  4. Require meeting password
  5. Disable guest screen sharing
  6. Generate meeting ID automatically

Disable "Join before host"

Zoom allows the meeting to start when the first person joins, whether they are host or participant.  By default, this is disabled, and in most cases, it's best that way.  This ensures that only the host can start the meeting, while other participants will see a message that says “The meeting is waiting for the host to join.”


Enable only authenticated users to join

This option ensures that only authenticated Conestoga users can join the meeting.


Enable waiting room

(setting enabled/locked)

A waiting room allows the host to review who is attempting to join the meeting before admitting them.  An additional setting allows Conestoga users to be admitted automatically with only guests (not using a Conestoga authenticated account) being placed in the waiting room.  In cases of large meetings, the task of admitting participants to the meeting can be assigned to a co-host.


Require meeting password

(setting enabled/locked)

This works by requiring participants to enter the meeting password.  A password can be contained within the meeting invite text, or distributed by other communication.  It can also be embedded in the meeting URL, which will still prevent unwanted guests from entering via a randomly discovered meeting ID.  This setting can be applied to scheduled meetings, instant meetings, to your personal meeting ID, and to dial-in participants.



Disable guest screen sharing

This setting will restrict screen sharing to the host only.  This alone won't prevent unwanted people from your meeting, however, it can keep anyone from disrupting your meeting with unnecessarily shared material.  Keep in mind, if screen sharing is a necessary part of your meeting, you can enable guest screen sharing but also control the sharing by requiring host permission or invitation to share their screen.




Generate meeting ID automatically

When scheduling a meeting, selecting the "Generate Automatically" option will create a random meeting ID instead of using your PMI (personal meeting ID) by thereby limiting the lifespan of the meeting ID.


Sources/Further Reading: