Zoom Security Recommendations

OIT recommends the following Zoom security settings for all your Zoom meetings.  It is the host’s responsibility to lock down your Zoom session to curb unwanted visitors.

  1. Only allow authenticated users
    Only attendees with a UT account may enter the session, and all attendees are required to authenticate before joining. However, if you have a guest speaker (external to the university), this option would also restrict your guest speaker. In this scenario, choose a Passcode or Waiting Room (or a combination of both).
  2. Require a passcode
    A Passcode may be generated automatically by Zoom, or it can be a pre-determined alpha-numeric series that you choose.  Be sure to share this passcode with attendees. If applied, it is automatically included in the text of the meeting invitation.  Note: If a passcode is shared publicly or with an unwanted guest, this will not restrict them from attending the session.
  3. Use a waiting room
    The Waiting Room can be activated or deactivated during the session at any time. Review the options on the Security icon within a meeting to quickly engage the Waiting Room in real-time. With this option applied, attendees enter a virtual waiting area before entering the main session. The host and co-host may admit attendees one at a time or, all at once, via the Participants menu.

Update your default meeting settings

To make change your default Zoom session settings:

  • Using the Zoom client: select Settings > View More Settings to open the options on the web.  You will see the various options for using the Waiting Room, Passcodes, or restricting to Authorized Users.
  • On the web, log in to http://tennessee.zoom.us and choose to Create or Edit Account > Settings.

Update individual meeting settings

When scheduling a meeting, select the appropriate options in the Security section.  Remember that all UT faculty, staff, and students have UT Zoom accounts.  We strongly recommend only allowing authenticated users to all your class sessions.

See the example below for selecting the security options for a specific meeting.  Please choose at lease one.

Zoom Schedule Meeting Options

Previously Scheduled Zoom Sessions with Public Links

For previously scheduled meetings with publicly advertised links, we recommend that the host evaluate the need for the session to be public and, if possible, make it a private meeting by:

  1. Removing the public post.
  2. Delete the meeting and create a new one.
  3. Require authentication.
  4. Enable at least one security setting: Meeting password/passcode, waiting room, and meeting registration (see instructions above.)
  5. Send the new meeting information only to people you know.

Recommendations for Public Zoom Sessions

If your meeting needs to be a public meeting, we suggest that you follow these best practices:

  1. Require registration and only provide the meeting invite and passcode to those registered.
  2. Enable the Waiting Room and only allow registered guests in.
  3. Don't mass admit everyone in the waiting room, instead add a secondary host to review attendees in the waiting room allowing them into the event.

Minimizing Disruption During an Event

If intruders do disrupt your class, one can quickly select Security > Suspend All Participant Activities, and any participant activity will immediately be silenced and full control provided to the host (detailed instructions)

In the event of an unauthorized intrusion during the meeting, we ask that the meeting host report the incident by notifying the OIT HelpDesk and providing details related to the meeting. Should the incident be considered abusive or criminal in nature, the instructor or host must report the incident to the UT Police Department for investigation.

Visit OIT’s Working and Teaching Remotely page for additional information on keeping control of your Zoom meetings.


Article ID: 129096
Tue 3/2/21 9:21 AM
Wed 11/8/23 2:56 PM