Zoom Security Settings


Beginning in April, Zoom began to make changes to the security options available within their meetings. Part of the change included the creation of a new "security" settings category that allows a site admin and Zoom users to choose from either Waiting Room or Passcode to secure meetings.

Topics included in this article:

  • Overview of Settings Hierarchy
  • The best way to avoid Zoom bombings
  • Considerations of Waiting Room vs Passcode
  • Changing Security Settings for your Account
  • Changing Security Settings for your Meeting

Overview of Settings Hierarchy

Zoom has three tiers of settings: Admin, User, and Meeting. Admin settings control the default settings set for User settings, and User settings control the default settings for Meeting. Most settings in our system can be adjusted, with some exceptions of settings, that are "locked" by the admin.

Why does this matter? If you have set your Waiting Room in your User Settings menu of the web portal, but made the change after the creation of a Meeting, you will need to adjust your settings at the Meeting level as well. Also, the Personal Meeting Room does not abide by these User Defaults the same way a randomly generated meeting room does, so if you use your Personal Meeting Room for most of your meetings, you will have to adjust these separately in the Personal Room tab of the Meetings menu.

The Best Way to Avoid Zoom Bombings

For Classes:

While not as common, we have had situations where a Zoom course link has been shared with individuals outside of the class, leading to disruptions in the class. To prevent this from happening, we highly recommend that all faculty members use the "require authentication" setting for their classes. This will require students to authenticate into the Loyola Zoom environment in order to participate in the Zoom meeting. This setting is set at the account level under "Settings" and can be adjusted by each meeting scheduled, as well as in the Personal Meeting ID. Steps on how to adjust this in all three locations are available below:

Account Level Setting Change:

Do note that if you make this account-level setting change AFTER you have set a recurring meeting, you will need to adjust this setting for all sessions of the recurring meeting that occur after the setting is changed. This setting also needs to be adjusted in the Personal Meeting ID settings separately.

  1. Locate the Settings option in the left menu after logging into loyola.zoom.us.
  2. Under the Security section, locate "Only Authenticated Users Can Join Meetings".
  3. If the toggle button to the right of this setting is grey, click on the box until the box turns blue. This means this setting is "on" for your account.
Personal Meeting ID Setting Change:
  1. Locate the Meetings option in the left menu after logging into loyola.zoom.us.
  2. Locate the Personal Room tab, and click on that tab.
  3. Click "Edit" at the bottom of the page.
  4. Under the Security options, check the box next to "Require Authentication to Join: Sign in to loyola.zoom.us".
  5. Save your changes.

Note: If you use your Personal Meeting ID (PMI) for meetings with individuals outside of Loyola, we recommend that you schedule your class meetings with an automatically generated Meeting ID, OR you use your PMI for ONLY for internal meetings and use randomly generated meeting ID's for all external meetings. Otherwise you will need to toggle this setting on and off in your PMI depending on the meeting you are hosting.

Recurring Meeting Setting Change:

Typically this setting would be set by default when you create a recurring meeting, but as mentioned above, if you created the recurring meeting before you made the account setting change, you will need to do the following:

  1. Locate the Meetings option in the left menu after logging into loyola.zoom.us.
  2. You will be placed into the Upcoming Meetings tab view, locate the recurring meeting you need to edit.
  3. Click "Edit" to the right of the recurring meeting.
  4. Under the Security options, check the box next to "Require authentication to join: Sign in to loyola.zoom.us".
  5. Save your changes.

For Public-Facing Events:

The best practice is to not publish a meeting link anywhere publicly, e.g. Twitter, Facebook, LinkedIn, a publicly facing website. If your event requires public access, we recommend the following:

  1. Use a randomly generated Meeting ID and requiring Registration for the event. This can be achieved by:
    1. Logging into loyola.zoom.us
    2. Locate "Meetings" in the left menu, and clicking on that option if you are not already in that area of your account.
    3. Click the Schedule a Meeting button.
    4. Provide a Meeting Name, adjust the "Meeting ID" to "Generate Automatically" by clicking on the radio button to the left of the option.
    5. Fill in the check box next to "required" next to the Registration option

By using a randomly generated Meeting ID, you will not be sharing your Personal Meeting ID publicly. By requiring Authentication, you will share a registration link publicly and then individuals who attend will provide their email address so you will know who will be attending the event.

Considerations of Waiting Room vs. Passcode

These settings can seem overwhelming, and below we go into full detail about each. Though before that, we make some simplified recommendations and considerations for deciding what is best for your use.

Waiting Room versus Passcode:

The waiting room is the best option for most situations. We would recommend keeping your User Settings set as follows:

  • Waiting Room on
  • Waiting Room Options - Everyone

This will enable the Waiting Room by default for your scheduled meetings that do not use your Personal Meeting Room. You can also set the Waiting Room Options to "users not in your account." But consider:

  • Not all students authenticate into Zoom before logging into a meeting.
  • If you use Zoom for student meetings or other meetings that may have privacy concerns (ex. meetings that are booked back to back) you will want to change the Waiting Room Options to "Everyone".
  • If a participant arrives late, you will have to monitor the Waiting Room notifications.

If any of the above considerations sound like they would cause issues for you as you manage your meeting, Passcode is likely a better option. When using Passcode, we recommend:

  • Enabling Passcode.
  • Enabling Embed passcode in invite link for one-click join.

Changing Security Settings for your Account

  1. Log into Loyola's Zoom web portal (loyola.zoom.us).
  2. Locate the "Settings" link in the left navigation menu and click.
  3. Security settings are at the top of the Settings Screen. Below is an image that provides you with details about each setting and below the image are more details on each setting and their impact(s) on Zoom Meetings. Note: when a setting is "on" the toggle is blue, when the setting is "off" the toggle is grey.

All Zoom security settings.

  1. Waiting Room -- when turned on, all scheduled meetings will default to use the Waiting Room. This setting does not control your Personal Meeting Room. This can be set separately by going to Settings > Personal Room > Edit
  2. Waiting Room Options -- this appears when Waiting Room is turned on. These options allow you to provide more granular options to who goes into the Waiting Room and who can go directly into the meeting.
    1. The second option, "Users not in your account" assumes that all Loyola Zoom participants will be logged in to access a Zoom meeting.
    2. The third option is inconsequential within Loyola's environment as we do not have any disallowed domains.
      Waiting room options menu, who should go in the waiting room? Everyone, users not in your account, users who are not in your account and not part of the allowed domains.
  3. Require Passcode when scheduling new meetings - when turned on, all scheduled meetings use a Passcode by default. The Passcode can be viewed and changed in the Meeting settings (more information below in Meeting settings section).
  4. Require a passcode for instant meetings - instant meetings are those that you initiate as "meet now" from either the Zoom Web Portal or the Zoom Client. Because we have "Use Personal Meeting ID (PMI) when starting an instant meeting" forced "on" at the admin level, this setting can be ignored.
  5. Require a passcode for Personal Meeting ID (PMI) - when using your PMI, this setting will require the use of Passcode. Waiting Room can be set for the PMI separately from the Meetings > Personal Room settings screen.
  6. Embed passcode in invite link for one-click join - when meeting URL is created this encrypts the passcode into the meeting URL, which allows participants one-click access to meetings.
  7. Require passcode for participants joining by phone - when a user joins by phone because they are unable to use VOIP for some reason, this setting requires the user to type a passcode to join the meeting via phone. If the passcode is alphanumeric, the system will generate a numeric passcode for phone participants.
  8. Only authenticated users can join meetings - users wishing to join the meeting must be authenticated into the loyola.zoom.us Zoom domain. If you choose this setting, you may choose to provide users with instructions on how to properly access Loyola's Zoom environment.

Changing Security Settings for your Meeting

User-level settings documented above inform meeting level settings, so if you have Waiting Room set as your preferred security measure, this will be the default when setting up Meetings. You can also change the Meeting to use a passcode if that makes more sense for an individual instance.

When Scheduling a Meeting

The security setting is set when scheduling a meeting:

Options for meeting scheduling

When Using Your Personal Meeting Room

You adjust your Personal Meeting Room settings under the Meetings menu option. Select the Personal Room tab, then Edit at the bottom of the screen:

Personal room tab and edit button



Article ID: 115536
Thu 9/3/20 9:15 AM
Wed 3/10/21 10:02 AM