Table of Contents
Recently I got a request to manage Zoom settings using Microsoft Intune. The most specific setting that was requested is How to configure the AutoUpdate setting of Zoom desktop client using Intune.
There are three options for managing the settings of Zoom Desktop Client.
- You can use an MSI Installer and deploy using pre-configured settings.
- You can use ADMX template files and configure them using Intune OMA-URI settings.
- You can manually configure each device by using a registry editor.
In this blog post, we will configure common Zoom settings using ADMX Template files and via OMA-URI settings.
[There is a newer way of Importing Zoom ADMX files and configuring Zoom App settings using Intune. To know more details, please refer to the guide: How to Import ADMX templates into Intune which provides details on How to download and Import Zoom ADMX files into Intune]
[Methods discussed in this blog post for Importing Zoom ADMX files into Intune utilize OMA-URI settings for Importing ADMX files and managing Zoom settings using OMA-URI]
[The below method still works fine to Import Zoom ADMX files into Intune, you will find that Import Zoom ADMX using the newer approach is easier]
There are two parts to managing Zoom App settings using Intune.
- Deploy Zoom ADMX Template File to all the devices you want to manage by using Device Configuration Profile.
- Create a Device Configuration Profile to configure specific settings using OMA-URI.
| [Update] |
|---|
| There is another newer way to Import Zoom ADMX template file using Intune. It’s a bit easier than this method of Ingesting Zoom ADMX files into Intune. You can refer to my other blog post which provides step by step on how to Import ADMX templates into Intune. |
STEP 1 – Download Zoom ADMX Template File
First, download the Zoom ADMX template file using this link: Mass-deploying with Group Policy Objects. Search for the Section “Available Templates” and click on Policies for version 5.11.3 or whichever latest version is available.
- Extract the contents of the zip file to a folder and locate the .admx file. There are two versions of Zoom Meeting ADMX files available: one for User-based policies (named HKCU) and the other for Machine-based Zoom Meetings Policies (named HKLM).
- We will use the HKLM version of the policies, which are Machine-based policies, with the file name “ZoomMeetings_HKLM.admx.”
STEP 2 – Ingest Zoom ADMX Template file In Intune
Once you have downloaded Zoom ADMX Template File, now you will need to Ingest it into Intune and assign this to all managed devices. Please follow below steps to Ingest Zoom ADMX file in Intune.
| There is also a new way to Import ADMX files in Intune. Please refer to the article How To Import ADMX Files In Intune to know more detailed information / step by step guide. |
- Login on Microsoft Intune admin Center
- Click on Devices -> Configuration profiles
- Clicon on + Create Profile
- Select Platform as Windows 10 and later
- Profile Type: Templates
- Template Name: Custom
Basics
- Name: Zoom ADMX Template Ingestion
- Description: This device Profile configuration will ingest Zoom ADMX template in Intune for managing Zoom Desktop Client Settings.
Configuration settings
Click on Add to add OMA-URI Settings as per below. Click on Save once you have added all below settings.
| Name | Zoom ADMX Import |
| Description | Importing Zoom ADMX Template |
| OMA-URI | ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/zoom/Policy/zoom |
| Data type | String |
| Value | Open ADMX file ZoomMeetings_HKLM.admx and copy all the contents of the file and paste it in Value field. |
After you click on Save, you can verify the OMA-URI Settings and click on Next to Proceed.
Assignments
Assign this device Configuration profile to either All devices or All Users or if you want to assign this device configuration profile to specific devices then you can create an Azure AD Security group and add devices into the group.
Add the group in Included groups section of this Policy. As in my organization, Zoom is being used by all users and installed on all the devices. Therefore, I will be pushing zoom ADMX template on all devices.
Review + Create
Review the device configuration profile settings and then click on Create button to create this policy.
Once the policy has been created successfully. It will take some time to deploy on target machines. You can click on Device Configuration profile created and check the status from Device and user check-in status. As you can see from below screenshot, the admx file has been ingested into two machines successfully.
STEP 3 – Verify Zoom ADMX Template Ingestion on End User Device
You have already confirmed the deployment of Zoom ADMX Template Ingestion using Intune Device Configuration Profile monitoring. It has been successfully deployed on 2 devices. How to confirm If Zoom ADMX Template has been ingested on the device ?. You can confirm it using Registry Editor by checking two registry keys AdmxInstalled and AdmxDefault.
- Go to Start -> Search for Registry Editor. Click on Registry Editor to Open
- Find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled Registry Key
- Expand the GUID and then Expand zoom -> Policy -> zoom to verify the ADMX template Installation
Go to the registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault and Expand the GUID and you can see that the registry keys created for zoom configuration which confirms that the template has been ingested successfully on the device. If you have deployed Zoom ADMX template to hundered’s of devices, you don’t need to verify it on each and every device. You can monitor device configuration profile for Zoom ADMX Ingestion from Microsoft Endpoint Manager Admin center.
STEP 4 – Manage Zoom settings using OMA-URI
Now, we have deployed ADMX template to all our devices, we can manage Zoom desktop client settings via Intune device configuration profile by using OMA-URI path.
You will not be able to find the settings via Intune User Interface to configure. Therefore, OMA-URI path needs to be created for each setting and then used to configure a particular setting of the application. Let’s look at how you can create OMA-URI Path for each settings.
How to build an OMA-URI
To build OMA-URI path for any setting, we need to refer to ZoomMeetings_HKLM.admx file which was downloaded earlier.
I will provide an example OMA-URI path which we will use to configure Zoom AutoUpdate setting and we will then deconstruct the path to understand how its created.
| Zoom AutoUpdate OMA-URI Setting |
|---|
| ./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy |
./<scope>/Vendor/MSFT/Policy/Config/AreaName/PolicyName
The first part is ./<scope> which can either be Device or User. As we are configuring a Device based policy, we will use Device keyword for our scope.
./Device/Vendor/MSFT/Policy/Config/
Second Part is /Vendor/MSFT/Policy/Config/ -> This will remain the same for each setting you are going to configure.
./<scope>/Vendor/MSFT/Policy/Config/AreaName/PolicyName
Third Part is /AreaName/PolicyName this is what we need to construct according to the setting which we want to configure. Open ZoomMeetings_HKLM.admx file and search for the policy you want to configure.
For example: We want to configure Zoom AutoUpdate Policy. Search for AU2_EnableAutoUpdate_Policy. As you can see from below screenshot. Policy Name is: AU2_EnableAutoUpdate_Policy and its ParentCategory is zoomupdates. ZoomUsCommunication is parent category of zoomupdates.The Policy supports two values either Enabled or Disabled. Let’s now create our OMA-URI path based on these values we got from zoom admx file.
./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates
The last part of the OMA-URI is the policy setting name which we want to configure. As we know the name of the Policy setting is AU2_EnableAutoUpdate_Policy. We will use it for the PolicyName part of OMA-URI.
./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy
| Tip |
|---|
| You can also refer to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault registry location to find the AreaName part of the Policy instead of searching through admx to find parentcategory. |
STEP 5 – Manage Zoom AutoUpdate Setting using Intune
As we now know how to construct OMA-URI path for a particular setting which we want to configure. You can create OMA-URI path for any other setting using the information provided in ZoomMeetings_HKLM.admx. We can use the OMA-URI Path we created for managing AutoUpdate setting of Zoom, lets create a Device Configuration Profile on Microsoft Endpoint Admin Center and push this setting to the device.
- Login on Microsoft Intune admin Center
- Click on Devices -> Configuration profiles
- Clicon on + Create Profile
- Select Platform as Windows 10 and later
- Profile Type: Templates
- Template Name: Custom
Basics
Provide Name and Description of the device configuration profile. As we are configuring Zoom AutoUpdate using this configuration profile, we have used Name: Zoom AutoUpdate Enable and Description as “This Policy will Enable Zoom AutoUpdate on all Devices“
Configuration settings
Click on Add to add OMA-URI Settings as per below. Click on Save once you have added all below settings.
| Name | Zoom Autoupdate |
| Description | Enable Zoom AutoUpdate |
| OMA-URI | ./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy |
| Data type | String |
| Value | <enabled/> |
Once you click on Save button you can confirm that OMA-URI Setting has been added.
Assignments
You can either add All devices or Add all users or create an Azure AD security group with specific devices or users and then add it to Configure this setting. I will be configuring this setting on All devices.
Review + create
Review the Profile configuration and then create this device configuration policy.
Monitoring
To check if the Device Configuration Profile has been deployed successfully. Please follow below steps:
- From Microsoft Intune admin center, Click on Devices on the left hand side
- Click on Configuration Profiles
- Search for Zoom Autoupdate Enable device configuration profile
- In the Overview section you can check the deployment status
Verify Zoom AutoUpdate setting on target device
After assignment of this device configuration policy to all the devices. You can monitor the status from Intune Admin Center. You can also verify it on one or two devices manually to make sure that this policy is applying successfully. Let’s check the steps to verify if Zoom AutoUpdate setting on target devices.
Verify Zoom AutoUpdate setting using Registry Editor
Follow below steps to Verify Zoom Desktop Client AutoUpdate setting:
- Go to Start -> Type Regedit and click on Registry Editor.
- Find the Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Zoom\Zoom Meetings\Updates.
- You can check registry Entry on the right hand side: AU2_EnableAutoUpdate which is now set to 1.
Please note that as this setting is configured using Intune, User will not be able to change it as its a global setting on the device. The Auto Update checkbox in Zoom Application will be checked and greyed out. It will only be managed using Intune.
Verify AutoUpdate setting using Zoom Desktop Client
You can also verify this setting from Zoom Desktop Client application. Please follow below steps to check this setting.
- Login on Zoom Meeting application / Zoom Cloud Meetings application / Zoom Desktop Client.
Click on Settings Icon.
Click on General. Scroll down on the general settings page to find Zoom Updates setting. As you can see that the setting is currently enabled and cannot be changed by user as its managed by Intune,
Conclusion
In this blog post, we have seen how to Ingest Zoom admx file into Intune, how to construct OMA-URI Path for any Admx setting and Configured Zoom AutoUpdate using Intune OMA-URI Path. Not only AutoUpdate setting but you can manage all other Zoom Settings via Intune. You can construct OMA-URI path for each setting by referring to the Admx file and then use it to configure the setting on the device for Zoom Application.
Hi There,
For “Ingest Zoom ADMX Template file In Intune” > Does it install the Zoom Client on a machine?
For “Manage Zoom AutoUpdate Setting using Intune” > Does it automatically updates the Zoom Client or would the user have to click on “Check for updates”
If you would be able to answer these questions within this week, I would save my job, seriously !!
1. No Zoom MSI needs to be deployed separately. Zoom ADMX is just to manage Zoom Settings via Intune.
2. User would get a pop-up message and an update button. User can click on Update to update Zoom.
Hi Jatin,
Is there no way to silently update Zoom, without end-users input?