End-to-end (E2EE) encryption for meetings is now available. Account owners and admins can enable end-to-end encryption for meetings, providing additional protection when needed. Enabling end-to-end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.
Enabling this setting also disables the following features:
Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, the Zoom web client, third-party clients leveraging the Zoom Web SDK, or Lync/Skype clients, as these endpoints cannot be encrypted end to end.
E2EE meetings are limited to 1000 participants and would still require having a Large Meeting license.
This article covers:
Notes:
Because end-to-end encryption is in technical preview and disables several other features, we recommend using E2EE only for meetings where additional protection is needed. After enabling E2EE, you can choose your default encryption type.
To enable End-to-end (E2EE) encrypted meetings for all users in the account:
To enable End-to-end (E2EE) encrypted meetings for a group of users:
To enable End-to-end (E2EE) encrypted meetings for your own use:
Once you’ve joined the meeting, check for the green shield icon in the upper left corner of the meeting window.
The meeting host can also read the security code aloud and the participants can verify that their codes match.
Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.
E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited in this first E2EE version (more on that below). Individual Zoom users should determine whether they need these features before enabling this version of E2EE in their meetings.
Not right now. Enabling this version of Zoom’s E2EE in your meetings disables certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, and polling. In addition, when end-to-end encryption is enabled, calling out to SIP/H.323 devices from Zoom Rooms will also be disabled.
Yes, free and paid Zoom accounts joining directly from Zoom’s desktop client or mobile app, or from a Zoom Room, can host or join an E2EE meeting if enabled in account settings.
Zoom meetings and webinars by default use 256-bit AES GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers. In a meeting with E2EE enabled, nobody except each participant – not even Zoom’s servers – has access to the encryption keys being used to encrypt the meeting.
Participants can look for a green shield logo in the upper left corner of their meeting screen with a padlock in the middle to indicate their meeting is using E2EE. It looks similar to our 256-bit AES GCM encryption symbol, but the checkmark is replaced with a lock.
Participants will also see the security code that they can use to verify the secure connection. The host can read this code out loud, and all participants can check that their clients display the same code.
Account owners and admins can access the Dashboard for meetings, locate a meeting, then view the Encryption column to see if a specific meeting has end-to-end encryption. Hover over the icon in the Encryption column to view encryption details.
Zoom’s top priority is the trust and safety of our users, and our implementation of E2EE will allow us to continue to enhance safety on our platform. Free/Basic users seeking access to E2EE will participate in a one-time verification process that will prompt the user for additional pieces of information, such as verifying a phone number via text message. Many leading companies perform similar steps to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our work with human rights and children’s safety organizations and our users’ ability to lock down a meeting, report abuse, and a myriad of other features made available as part of our security icon — we can continue to enhance the safety of our users.