This site requires JavaScript to be enabled
757 views

9.0 - Updated on 2022-08-02 by Matthew McGuire

8.0 - Updated on 2021-03-18 by Justin Howell

7.0 - Updated on 2020-07-09 by Denise Moser

6.0 - Updated on 2020-06-25 by Matthew McGuire

5.0 - Updated on 2020-06-24 by Matthew McGuire

4.0 - Updated on 2020-06-18 by Matthew McGuire

3.0 - Updated on 2020-06-04 by Paul Drake

2.0 - Updated on 2020-05-29 by Kael Kanczuzewski

1.0 - Authored on 2020-05-29 by Kael Kanczuzewski

Table of Contents

Before You Begin

Zoom has a number of security features to prevent unwanted access or disruption to your Zoom meetings. All of these security features can be found in Managing Risk of Disruption in Zoom Meetings. Below are a number of specific scenarios with recommended security settings you may want to enable.

Scenario 1: General Public Invited to Join a Zoom Meeting

If you plan on hosting a public event and want the general public to be invited and attend, you're strongly encouraged to turn on registration for the Zoom meeting. Registration will require your participants to sign up for the event prior to receiving the Zoom meeting link.

If the event is for the public and you do not have technical support to help manage the meeting you may also want to consider using ND Studio’s Zoom Webinar Service.

To require registration:

  1. Sign into zoom.nd.edu
  2. Schedule a Zoom meeting
  3. In the meeting setting, click the checkbox for Required next to Registration.
  4. Once in the meeting, be sure to familiarize yourself with the Zoom Security button.

Scenario 2: Meetings for Notre Dame Participants

If you are hosting a meeting or course where only Notre Dame participants should be allowed to attend, it’s best to require users to sign in with their Notre Dame NetID and password in order to join the meeting.

For more information, see Create Zoom Meeting Restricted to Notre Dame Participants

Scenario 3: Meeting with Notre Dame and Non-Notre Dame Participants

If you are hosting a meeting or course primarily consisting of Notre Dame participants and you have a guest lecturer or a few non-Notre Dame attendees, it’s best to require users to authenticate by using “Sign into Zoom”. Notre Dame participants can use SSO to sign in while other participants can sign in via Zoom, Google, or SSO if their institution allows it. Signing in is always a good practice as it can help prevent unwanted participants.

For more information, see Create Zoom Meeting Restricted to Notre Dame Participants. Make sure at Step 3 to select Sign in to Zoom instead of Notre Dame Only (Okta).



Scenario 4: Hosting a Large Zoom Meeting

If you are hosting a large Zoom meeting and want to prevent unwanted disruptions, see Recommended Settings for Hosting a Large Zoom Meeting and Best Practices for Hosting a Large Zoom Meeting.

If you are hosting a large meeting where you need extra security measures, for example, not allowing participants names’ to be seen, turning participants audio/video off and not letting them turn it back on, etc. see ND Studio’s Zoom Webinar Service for more information.


Scenario 5: What to Do If You’re Being Zoom-bombed

The best thing you can do to minimize the impact if you are being Zoom-bombed is become familiar with the Zoom Security button.

  1. Participant(s) sharing inappropriate content
    Use the Zoom Security button
    to disable the ability for participants to share their screen and then remove the participant. Participants are not allowed to share their screen without host permission so this should not be an issue under normal circumstances.


  2. Participant(s) making inappropriate noise
    Mute all participants and then disable participants' ability to unmute themselves. Remove the participant if necessary.

  3. Participant(s) using the chat inappropriately
    Use the Zoom Security button
    and turn off participants' ability to chat. Remove the participant if necessary.

  4. Participant(s) renamed themselves to something inappropriate
    Use the Zoom Security button and turn off participants' ability to rename themselves. Remove the participant if necessary.


Scenario 6: Protect Privacy and Intellectual Property

Participants are not allowed to record your screen via Zoom without the host’s permission. As a Zoom meeting participant, do not record audio or screen displays using any software or devices other than Zoom's internal recording capability. This will ensure that the host has given their explicit permission to record and that all participants are aware the meeting is being recorded.  Content recorded should not be shared outside the meeting participants without the explicit permission of the host and, at the host's discretion, permission from the meeting attendees.

To help detect leaked Zoom meetings you can add an audio watermark to the share screen with the participant’s name on it. This will help identify the person if the video is ever shared and found publicly.

To enable the audio watermark during a screen share:

  1. Login to zoom.nd.edu.

  2. Create Zoom Meeting Restricted to Notre Dame Participants

  3. The audio watermark will be added automatically.

Scenario 7: University Data Used as Content in Zoom

Zoom is not approved for use in transmitting, displaying, or discussing data classified by the University as Highly Sensitive Information (HSI) These data are identified as part of the University's Information Security Policy and the Highly Sensitive Information standards.

Data classified by the University as 'Sensitive' shouldn't be transmitted, displayed, or discussed if any Zoom meeting attendees, including those who are Notre Dame participants, may not be authorized to access such data.  If your Zoom meeting plans to include data classified as 'Sensitive', you must have the explicit permission of the appropriate Data Steward(s).

Data classified by the University as 'Internal' may be transmitted, displayed, or discussed only if all meeting attendees are Notre Dame participants.  If there are non-Notre Dame participants, you must have the explicit permission of the appropriate Data Steward(s) to include 'Internal' data.

Zoom offers specific products to comply with some regulations like HIPAA or FEDRAMP.

If you have a need to use Zoom with these data types, please reach out to Notre Dame Information Security.


The recommended settings for meetings with Sensitive and Internal data are as follows:

Host account settings:

Host meeting settings:

In the meeting:


Scenario 8: End-to-End Encryption in Zoom

End-to-end (E2EE) encryption for meetings is now available. Zoom users can enable end to end encryption for meetings, providing additional protection when needed. Enabling end to end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms. 

Please see KB0021824 for information on how to enable E2EE.

Enabling this setting also disables the following features:

Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, the Zoom web client, third-party clients leveraging the Zoom SDK, or Lync/Skype clients, as these endpoints cannot be encrypted end to end. 

Additional End-to-End Encryption (E2EE) info: