UW-Madison Zoom Workplace - Secure Zoom Overview
This document provides an overview of what Secure Zoom is, who is eligible, the differences between a Standard Zoom and Secure Zoom account, and more.
Overview
What is Secure Zoom?
Secure Zoom is an environment that was requested by and created for the UW-Madison Health Care Component (HCC) population. It was configured in collaboration with the Office of Compliance and the Office of Cybersecurity to implement additional controls for increased security and reduce risk to meet HIPAA requirements
Effective October 5, 2021, units classified as being a Health Care Component (HCC) and groups related to these units, will be required to use a Secure Zoom account.
Eligibility
- UW-Madison Faculty
- UW-Madison Staff
- UW-Madison Students
- Important: Alumni, Emeriti, and Retirees with IT Services are not currently eligible for UW-Madison Zoom and cannot create a consumer Zoom account (https://zoom.us/) using any address ending in @wisc.edu.
Opt-in to Secure Zoom for Standard Zoom accounts
Individuals who are not associated with an HCC group/unit will most likely have a Standard Zoom account. Learn how to view your account group type. Standard Zoom accounts were not configured to comply with HIPAA requirements.
Opt-in options
You can update your UW-Madison Zoom account from Standard to Secure Zoom by doing one of the following:
-
Individual request:
- Visit the Secure Zoom opt-in manifest group.
- Select the Join group button located towards the top right corner of the page.
- Log out of your UW-Madison Zoom account and log back in to complete the account update.
- (Optional) Verify your account group type has been updated.
-
Group request: Contact the DoIT Help Desk and provide a list of NetIDs that need to opt-in to Secure Zoom.
Opt-out options
If you updated your Standard Zoom account to Secure Zoom and no longer need to have a Secure Zoom account type, you can opt-out by doing one of the following:
-
Individual request:
- Visit the Secure Zoom opt-in manifest group.
- Select the More actions drop-down menu located in the top right corner and select Leave group.
- Log out of your UW-Madison Zoom account and log back in to complete the account update.
- (Optional) Verify your account group type has been updated.
-
Group request: Contact the DoIT Help Desk and provide a list of NetIDs that need to opt-out of Secure Zoom.
Please note: Individuals who are part of an HCC group/unit will not have the option to opt-out of having a Secure Zoom account.
What is the difference between a Standard Zoom account and a Secure Zoom account?
- Standard Zoom account - In general, this is the default account type when a UW-Madison Zoom account is created for an eligible user. Most account settings can be modified to meet the needs of the host and/or attendees.
- Secure Zoom account - Individuals with a Secure Zoom account are affiliated with the Health Care Component (HCC) based on their employee record. This account type will have more account setting restrictions to ensure individuals in the HCC are adhering to HIPAA requirements. A few account settings may be grayed out and locked to ensure enhanced security is consistent during meetings. Note: These account settings will impact attendees while they are in a meeting hosted by a Secure Zoom account. If an attendee attends a meeting hosted by any other account type, they will not be subject to the same Secure Zoom account setting restrictions.
How can I tell what type of Zoom account I have?
You can learn how to view your account type by viewing your group listing here: https://kb.wisc.edu/zoom/112923 .
Zoom desktop/mobile app version requirement
Individuals using a Secure Zoom account and participants who attend meetings hosted by a Secure Zoom account must use a Zoom desktop or mobile app version of 6.0.10 or later. See below for resources:
- Test your Zoom desktop/mobile app version
- Check your Zoom desktop/mobile app version
- Update your Zoom desktop/mobile app
- Note: If your computer or mobile device is managed by your IT department, you may need to request assistance in updating your Zoom application.
Service accounts in Secure Zoom
We are working on formalizing a process for reviewing requests for a service account in Secure Zoom. Currently, requests are being reviewed in collaboration with the Office of Compliance. If you would like to request a service account in Secure Zoom, please contact the DoIT Help Desk and provide a detailed use case. Please note, due to the level of risk service accounts pose in Secure Zoom, very few use cases may be approved. Below are some of the risks of using a service account in Secure Zoom:
- Duo is not enforced for service accounts.
- Account activity logs will reflect the service account, not an individual if an incident were to occur.
- Individuals can share the service account's credentials.
Compare Standard Zoom and Secure Zoom account settings
Security Settings
Your settings allow you to enable or disable features for your meetings. These settings control user and meeting authentication, waiting room, and passcode requirements. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| Require that all meetings are secured with one security option | Require that all meetings are secured with one of the following security options: a passcode, Waiting Room, or "Only authenticated users can join meetings." If no security option is enabled, Zoom will secure all meetings with Waiting Room. | Disabled | Enabled, Locked |
| Waiting Room | When participants join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting for allowing participants to join before host. | Enabled | Enabled |
| Waiting Room Options | Everyone will go into the waiting room
|
Enabled | Enabled |
| Require a passcode when scheduling new meetings | A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. The Personal Meeting ID (PMI) meetings are not included. | Enabled | Enabled |
| Require a passcode for instant meetings | A random passcode will be generated when starting an instant meeting | Enabled | Enabled |
| Require a password for Personal Meeting ID (PMI) |
|
Enabled | Enabled |
| Webinar Passcode | A passcode will be generated when scheduling a Webinar and participants require the passcode to join the Webinar. Secure Zoom Accounts require a passcode for webinars that have already been scheduled. |
Enabled | Enabled, Locked |
| Require passcode for participants joining by phone | A numeric passcode will be required for participants joining by phone if your meeting has a passcode. For meeting with an alphanumeric passcode, a numeric version will be generated. | Enabled | Enabled |
| Embed passcode in invite link for one-click join | Meeting passcode will be encrypted and included in the invite link to allow participants to join with just one click without having to enter the passcode. | Enabled | Enabled |
| Only authenticated users can join meetings | The participants need to authenticate prior to joining the meetings, hosts can choose one of the authentication methods when scheduling a meeting. | Disabled | Disabled |
| Meeting Authentication Options |
If Waiting Room is enabled, phone-only users will be placed in the Waiting Room. If Waiting Room is not enabled, phone dial-in only users will be allowed to join the meeting. |
Enabled | Enabled |
| Only authenticated users can join meetings from Web client | The participants need to authenticate prior to joining meetings from web client | Enabled | Enabled |
Schedule Meeting Settings
Your settings allow you to enable or disable features for your meetings. These settings control video, audio, and Personal Meeting IDs. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| Host Video | Start meetings with host video on | Enabled | Enabled |
| Participants Video | Start meetings with participant video on. Participants can change this during the meeting. | Enabled | Enabled |
| Audio Type | Determine how participants can join the audio portion of the meeting. When joining audio, you can let them choose to use their computer microphone/speaker or use a telephone. You can also limit them to just one of those audio types. If you have 3rd party audio enabled, you can require that all participants follow the instructions you provide for using non-Zoom audio.
|
Enabled | Enabled |
| Join before host | Allow participants to join the meeting before the host arrives | Disabled | Disabled |
| Allow Zoom Rooms to start meeting with Host Key | Transfer hosting permissions from your account to the Zoom Room device. The Zoom Room will host the meeting. | N/A | Disabled, Locked |
| Enable Personal Meeting ID | A Personal Meeting ID (PMI) is a 9 to 11 digit number that is assigned to your account. You can visit Personal Meeting Room to change your personal meeting settings. Learn more | Enabled | Enabled |
| Use Personal Meeting ID (PMI) when scheduling a meeting | You can visit Personal Meeting Room to change your Personal Meeting settings. | Disabled | Disabled |
| Use Personal Meeting ID (PMI) when starting an instant meeting | Disabled | Disabled | |
| Mute participants upon entry | Automatically mute all participants when they join the meeting. The host controls whether participants can unmute themselves. | Enabled | Enabled |
| Upcoming meeting reminder | Receive desktop notification for upcoming meetings. Reminder time can be configured in the Zoom Desktop Client. | Enabled | Enabled |
| Tracking Pixel - Webinar | Allow webinar hosts to add a tracking pixel to Registration and Registration Successful pages to track page views. | Enabled | Enabled |
In Meeting (Basic) Menu Settings
Your settings allow you to enable or disable features for your meetings. These settings control chat, polling, screen sharing, feedback, and reactions. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| Require encryption for 3rd party endpoints (SIP/H.323) | By default, Zoom requires encryption for all data transferred between the Zoom cloud, Zoom client and Zoom Room. Turn on this setting to require encryption for 3rd party endpoints (SIP/H.323) as well | Enabled | Enabled, Locked |
| Chat | Allow meeting participants to send a message visible to all participants
|
Enabled | Enabled |
| Private chat | Allow meeting participants to send a private 1:1 message to another participant. | Disabled | Disabled |
| Auto saving chats | Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts | Enabled | Enabled |
| Sound notification when someone joins or leaves | Play sound for:
When each participant joins by telephone:
|
Enabled | Enabled |
| Send files via meeting chat | Hosts and participants can send files through the in-meeting chat | Disabled | Disabled, Locked |
| Send files via webinar chat | Hosts and participants can send files through the in-meeting chat | Disabled | Disabled, Locked |
| Feedback to Zoom | Add a Feedback tab to the Windows Settings or Mac Preferences dialog, and also enable users to provide feedback to Zoom at the end of the meeting | Disabled | Disabled |
| Display end-of-meeting experience feedback survey | Display a thumbs up/thumbs down survey at the end of each meeting. If participants respond with thumbs down, they can provide additional information about what went wrong. | Disabled | Disabled |
| Co-host | Allow the host to add co-hosts. Co-hosts have the same in-meeting controls as the host | Enabled | Enabled |
| Meeting Polling | Allow host to use 'Polls' in meetings. Hosts can add polls before or during a meeting. | Enabled | Enabled |
| Meeting survey | Allow host to present survey to participants once a meeting has ended.
|
Enabled | Enabled |
| Webinar Polling | Allow host to use 'Polls' in webinars. Hosts can add polls before or during a webinar. | Enabled | Enabled |
| Webinar Survey | Allow host to present surveys to attendees once a webinar has ended.
|
Enabled | Enabled |
| Always show meeting control toolbar | Always show meeting controls during a meeting | Disabled | Disabled |
| Show Zoom windows during screen share | Disabled | Disabled | |
| Screen sharing | Allow host and participants to share their screen or content during meetings Who can share?
Who can start sharing when someone else is sharing?
|
Enabled | Enabled |
| Disable desktop/screen sharing for meetings you host | Disable desktop or screen share in a meeting and only allow sharing of selected applications | Disabled | Enabled |
| Disable screen sharing when guests are in the meeting | Guests include users who not signed in or not in the same account. Participants who dial-in via phone or join with SIP/H.323 devices will still be able to screen share. | Disable | Disable |
| Annotation | Allow participants to use annotation tools to add information to shared screens
|
Enabled | Enabled |
| Whiteboard | Allow host and participants to share a whiteboard during a meeting
|
Enabled | Enabled |
| Remote control | During screen sharing, the person who is sharing can allow others to control the shared content | Disabled | Disabled |
| Nonverbal feedback | Participants in a meeting can provide nonverbal feedback and express opinions by clicking on icons in the Participants panel | Enabled | Enabled |
| Meeting Reactions | Allow meeting participants to communicate without interrupting by reacting with an emoji that shows on their video. Reactions disappear after 10 seconds. Participants can change their reaction skin tone in Settings.
|
Enabled | Enabled |
| Join different meetings simultaneously on desktop | Allow user to join different meetings at the same time on one desktop device. | Disabled | Disabled |
| Allow removed participants to rejoin | Allows previously removed meeting participants and webinar panelists to rejoin | Disabled | Disabled |
| Allow participants to rename themselves | Allow meeting participants and webinar panelists to rename themselves | Disabled | Disabled |
| Hide participant profile pictures in a meeting | All participant profile pictures will be hidden and only the names of the participants will be displayed on the video screen. Participants will not be able to update their profile pictures in the meeting. | Disabled | Disabled |
In Meeting (Advanced) Menu Settings
Your settings allow you to enable or disable features for your meetings. These settings control captions, breakout rooms, joining from a browser, and live streaming. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| Report participants to Zoom | Hosts can report meeting participants for inappropriate behavior to Zoom's Trust and Safety team for review. This setting can be found on the Security icon on the meeting controls toolbar | Enabled | Enabled |
| Breakout room | Allow host to split meeting participants into separate, smaller rooms
|
Enabled | Enabled |
| Remote support | Allow meeting host to provide 1:1 remote support to another participant | Disabled | Disabled |
| Closed captioning | Allow host to type closed captions or assign a participant/third party device to add close captions Standard Account:
Secure Account:
|
Enabled | Enabled |
| Save captions | Allow participants to save fully closed captions or transcripts | Enabled | Disabled, Locked |
| Language Interpretation | Allow host to assign participants as interpreters who can interpret one language into another in real-time. Host can assign interpreters when scheduling or during the meeting. 9 languages: English, Chinese, Japanese, German, French, Russian, Portuguese, Spanish, Korean |
Enabled | Enabled |
| Far end camera control | Allow another user to take control of your camera during a meeting | Disabled | Disabled, Locked |
| Group HD video | Activate higher quality video for host and participants. (This will use more bandwidth.)
|
Enabled | Enabled |
| Virtual background | Allow users to replace their background with any selected image. Choose or upload an image in the Zoom Desktop application settings | Enabled | Enabled |
| Video filters | Turn this option on to allow users to apply filters to their videos | Disabled | Disabled |
| Immersive View | Allow hosts to curate case-specific scenes, such as a classroom or boardroom for their meetings or webinars. | Disabled | Disabled |
| Focus Mode | A mode that shows only hosts and co-hosts' video and profile pictures during a meeting. Focus Mode can be found in the "More" menu in the in-meeting toolbar. | Disabled | Disabled |
| Identify guest participants in the meeting/webinar | Participants who belong to your account can see that a guest (someone who does not belong to your account) is participating in the meeting/webinar. The Participants list indicates which attendees are guests. The guests themselves do not see that they are listed as guests | Disabled | Enabled |
| Auto-answer group in chat | Enable users to see and add contacts to 'auto-answer group' in the contact list on chat. Any call from members of this group will be automatically answered | Disabled | Disabled |
| Only show default email when sending invites | Allow users to invite participants by email only by using the default email program selected on their computer | Disabled | Disabled |
| Use HTML format email for Outlook plugin | Use HTML formatting instead of plain text for meeting invitations scheduled with the Outlook plugin | Disabled | Disabled |
| Allow users to select stereo audio in their client settings | Allow users to select stereo audio during a meeting | Enabled | Enabled |
| Allow users to invite a Room Connector Device to a meeting | Enabled | Enabled | |
| Show H.323/SIP device list | Show the list of H.323/SIP devices in the Call Out tab for "Invite a Room System" | Enabled | Enabled |
| Only the host can view the H.323/SIP device list | Show the list of H.323/SIP devices only to the meeting host in the Call Out tab for "Invite a Room System" | Disabled | Disabled |
| Show a "Join from your browser" link | Allow participants to bypass the Zoom application download process, and join a meeting directly from their browser. This is a workaround for participants who are unable to download, install, or run applications. Note that the meeting experience from the browser is limited | Enabled | Enabled |
| Show "Always Join from Browser" option when joining from join.zoom.us | Allow account members to enable "Always Join from Browser" when they join meetings from join.zoom.us | Disabled | Disabled |
| Allow live streaming meetings | Disabled | Disabled | |
| Allow live streaming of webinars | FacebookWorkplace by FacebookYouTube
|
Enabled | Disabled |
| Show a custom disclaimer when starting or joining a meeting | Create your own disclaimer that will be shown at the start of all meetings hosted by your account. | Disabled | Disabled |
| Request permission to unmute | Select this option in the scheduler to request permission to unmute meeting participants and webinar panelists. Permissions, once given, will apply in all meetings scheduled by the same person | Disabled | Disabled |
| Enable "Stop incoming video" feature | Allows meeting participants to turn off all incoming video feeds on their screen (does not affect other participants’ screens). To access this feature, click the view button at the top-right corner of your screen. | Enabled | Enabled |
Email Notification Settings
Your settings allow you to enable or disable features for your meetings. These settings control when e-mail notifications are sent to meeting hosts, alternate hosts, and participants. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| When a cloud recording is available | Notify host when cloud recording is available
|
Enabled | Enabled |
| When attendees join meeting before host | Notify host when participants join the meeting before them | Enabled | Enabled |
| When a meeting is cancelled | Notify host and participants when the meeting is cancelled | Enabled | Enabled |
| When an alternative host is set or removed from a meeting | Notify the alternative host who is set or removed | Enabled | Enabled |
| When someone scheduled a meeting for a host | Notify the host there is a meeting scheduled, rescheduled or cancelled | Enabled | Enabled |
| When the cloud recording is going to be permanently deleted from trash | Notify the host 7 days before the cloud recording is permanently deleted from trash | Enabled | Enabled |
Other Settings
Your settings allow you to enable or disable features for your meetings. The Zoom setting status indicators are:
- Enabled:
- Disabled:
| Setting | Description | Default UW-Madison Standard Account | Default UW-Madison Secure Zoom Account |
|---|---|---|---|
| Blur snapshot on iOS task switcher | Enable this option to hide potentially sensitive information from the snapshot of the Zoom main window. This snapshot display as the preview screen in the iOS tasks switcher when multiple apps are open | Enabled | Enabled |
| Direct call a room system | Call a SIP/H.323 room system directly from the client. Enable direct call to a room system from client. This adds a 'Call Room' button to the client home page. |
Disabled | Disabled |
| Invitation Email | Your meeting attendees will receive emails in language based upon their browser/profile settings. Choose languages which your expected attendees will receive content in to edit. | English | English |
| Schedule Privilege | You can assign users in your account to schedule meetings on your behalf. You can also schedule meetings on behalf of someone that has assigned you scheduling privilege. You and the assigned scheduler must be on a Paid plan within the same account. | Enabled | Enabled |