End-to-end (E2EE) encryption for meetings


End-to-end (E2EE) encryption for meetings is now available. Account owners and admins can enable end-to-end encryption for meetings, providing additional protection when needed. Enabling end-to-end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.

Enabling this setting also disables the following features:

Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, the Zoom web client, third-party clients leveraging the Zoom Web SDK, or Lync/Skype clients, as these endpoints cannot be encrypted end to end.

E2EE meetings are limited to 1000 participants and still require a Large Meeting license.

Prerequisites for enabling End-to-end (E2EE) encryption for meetings

Notes:

How to enable end-to-end encryption for meetings

Because end-to-end encryption is in technical preview and disables several other features, we recommend using E2EE only for meetings where additional protection is needed. After enabling E2EE, you can choose your default encryption type.

Account

To enable End-to-end (E2EE) encrypted meetings for all users in the account:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation panel, click Account Management then Account Settings.
  3. Click the Meeting tab.
  4. Under Security, verify that Allow use of end-to-end encryption is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
  6. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
  7. Under Default encryption type, choose the default encryption type you want your account to use, either Enhanced encryption or End-to-end encryption.*
  8. Click Save.
    *Note: Because of the limitations of E2EE, we recommend using Enhanced encryption as the default encryption type and using end-to-end encryption for meetings where additional protection is required.

Group

To enable End-to-end (E2EE) encrypted meetings for a group of users:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation panel, click User Management then Groups.
  3. Click the applicable group name from the list, then click the Meeting tab.
  4. Under Security, verify that Allow use of end-to-end encryption is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  6. (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon, and then click Lock to confirm the setting.
  7. Under Default encryption type, choose the default encryption type you want your account to use, either Enhanced encryption or End-to-end encryption.*
  8. Click Save.
    *Note: Because of the limitations of E2EE, we recommend using Enhanced encryption as the default encryption type and using end-to-end encryption for meetings where additional protection is required.

User

To enable End-to-end (E2EE) encrypted meetings for your own use:

  1. Sign in to the Zoom web portal.
  2. In the navigation panel, click Settings.
  3. Click the Meeting tab.
  4. Under Security, verify that Allow use of end-to-end encryption is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
    Note: If the option is grayed out, it has been locked at either the group or account level. You need to contact your Zoom admin.
  6. Under Default encryption type, choose the default encryption type you want your account to use, either Enhanced encryption or End-to-end encryption.*
  7. Click Save.
    *Note: Because of the limitations of E2EE, we recommend using Enhanced encryption as the default encryption type and using end-to-end encryption for meetings where additional protection is required.

How to use end-to-end encryption for meetings

Once you’ve joined the meeting, check for the green shield icon in the upper left corner of the meeting window.

The meeting host can also read the security code aloud and the participants can verify that their codes match.

Frequently asked questions

How does Zoom provide end-to-end encryption?

Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.

When would I use E2EE?

E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited in this first E2EE version (more on that below). Individual Zoom users should determine whether they need these features before enabling this version of E2EE in their meetings.

Do I have access to all the features of a regular Zoom meeting?

Not right now. Enabling this version of Zoom’s E2EE in your meetings disables certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, and polling. In addition, when end-to-end encryption is enabled, calling out to SIP/H.323 devices from Zoom Rooms will also be disabled.

Do free Zoom users have access to end-to-end encryption?

Yes, free and paid Zoom accounts joining directly from Zoom’s desktop client or mobile app, or from a Zoom Room, can host or join an E2EE meeting if enabled in account settings.

How is this different from Zoom’s enhanced GCM encryption?

Zoom meetings and webinars by default use 256-bit AES GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers. In a meeting with E2EE enabled, nobody except each participant – not even Zoom’s servers – has access to the encryption keys being used to encrypt the meeting.

How do I verify that my meeting is using end-to-end-encryption?

Participants can look for a green shield logo in the upper left corner of their meeting screen with a padlock in the middle to indicate their meeting is using E2EE. It looks similar to our 256-bit AES GCM encryption symbol, but the checkmark is replaced with a lock. 

Participants will also see the security code that they can use to verify the secure connection. The host can read this code out loud, and all participants can check that their clients display the same code.
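
The following is an added illustration, not Zoom's code or protocol, of the client-side key generation described under "How does Zoom provide end-to-end encryption?" and of why comparing security codes detects a relay that swaps public keys. The toy Diffie-Hellman parameters, the XOR key wrap, the 10-digit code format, and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman parameters (assumption, illustration only;
# production clients use vetted elliptic-curve key exchange).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def wrap_key(meeting_key: bytes, my_priv: int, their_pub: int) -> bytes:
    """XOR the 32-byte meeting key with a hash of the DH shared secret (toy wrap)."""
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    pad = hashlib.sha256(b"wrap" + shared).digest()
    return bytes(a ^ b for a, b in zip(meeting_key, pad))

unwrap_key = wrap_key  # XOR with the same pad is its own inverse

def security_code(leader_pub: int) -> str:
    """Short code a client displays, derived from the host key that client saw."""
    digest = hashlib.sha256(leader_pub.to_bytes(32, "big")).digest()
    text = f"{int.from_bytes(digest[:8], 'big') % 10**10:010d}"
    return text[:5] + " " + text[5:]

def run_meeting(relay_substitutes_key: bool):
    """Return (host_code, guest_code, relay_learned_key) for one simulated meeting."""
    host_priv, host_pub = keypair()
    guest_priv, guest_pub = keypair()
    relay_priv, relay_pub = keypair()
    meeting_key = secrets.token_bytes(32)  # generated on the host's device

    # The relay forwards public keys; a dishonest relay swaps in its own.
    pub_seen_by_guest = relay_pub if relay_substitutes_key else host_pub
    pub_seen_by_host = relay_pub if relay_substitutes_key else guest_pub

    # The host wraps the meeting key to whichever key it was shown.
    wrapped = wrap_key(meeting_key, host_priv, pub_seen_by_host)
    # The relay sees only public keys and the wrapped key.
    relay_learned = unwrap_key(wrapped, relay_priv, host_pub) == meeting_key

    # Host shows the code for its own key; guest for the key it received.
    return security_code(host_pub), security_code(pub_seen_by_guest), relay_learned

if __name__ == "__main__":
    print("honest relay:     ", run_meeting(False))
    print("substituting relay:", run_meeting(True))
```

With an honest relay the two codes match and the relay cannot unwrap the meeting key. With a substituted key the relay can unwrap it, and the mismatched codes are the only signal participants get.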

How do account owners or admins verify that a meeting is using end-to-end-encryption?

Account owners and admins can access the Dashboard for meetings, locate a meeting, then view the Encryption column to see if a specific meeting has end-to-end encryption. Hover over the icon in the Encryption column to view encryption details.

How will you continue to provide a safe and secure platform?

Zoom’s top priority is the trust and safety of our users, and our implementation of E2EE will allow us to continue to enhance safety on our platform. Free/Basic users seeking access to E2EE will participate in a one-time verification process that will prompt the user for additional pieces of information, such as verifying a phone number via text message. Many leading companies perform similar steps to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our work with human rights and children’s safety organizations and our users’ ability to lock down a meeting, report abuse, and a myriad of other features made available as part of our security icon — we can continue to enhance the safety of our users.