Ingest Zoom ADMX and manage Zoom settings using Intune

Recently I got a request to manage Zoom settings using Microsoft Intune. The most specific setting that was requested is How to configure the AutoUpdate setting of Zoom desktop client using Intune.

There are three options for managing the settings of Zoom Desktop Client.

  • You can use an MSI Installer and deploy using pre-configured settings.
  • You can use ADMX template files and configure them using Intune OMA-URI settings.
  • You can manually configure each device by using a registry editor.

In this blog post, we will configure common Zoom settings using ADMX Template files and via OMA-URI settings.

[There is a newer way of Importing Zoom ADMX files and configuring Zoom App settings using Intune. To know more details, please refer to the guide: How to Import ADMX templates into Intune which provides details on How to download and Import Zoom ADMX files into Intune]

[Methods discussed in this blog post for Importing Zoom ADMX files into Intune utilize OMA-URI settings for Importing ADMX files and managing Zoom settings using OMA-URI]

[The below method still works fine to Import Zoom ADMX files into Intune, you will find that Import Zoom ADMX using the newer approach is easier]

There are two parts to managing Zoom App settings using Intune.

  1. Deploy Zoom ADMX Template File to all the devices you want to manage by using Device Configuration Profile.
  1. Create a Device Configuration Profile to configure specific settings using OMA-URI.
[Update]
There is another newer way to Import Zoom ADMX template file using Intune. It’s a bit easier than this method of Ingesting Zoom ADMX files into Intune. You can refer to my other blog post which provides step by step on how to Import ADMX templates into Intune.

STEP 1 – Download Zoom ADMX Template File

First, download the Zoom ADMX template file using this link: Mass-deploying with Group Policy Objects. Search for the Section “Available Templates” and click on Policies for version 5.11.3 or whichever latest version is available.

Download Zoom ADMX
  • Extract the contents of the zip file to a folder and locate the .admx file. There are two versions of Zoom Meeting ADMX files available: one for User-based policies (named HKCU) and the other for Machine-based Zoom Meetings Policies (named HKLM).
  • We will use the HKLM version of the policies, which are Machine-based policies, with the file name “ZoomMeetings_HKLM.admx.”
Zoom ADMX File

STEP 2 – Ingest Zoom ADMX Template file In Intune

Once you have downloaded Zoom ADMX Template File, now you will need to Ingest it into Intune and assign this to all managed devices. Please follow below steps to Ingest Zoom ADMX file in Intune.

There is also a new way to Import ADMX files in Intune. Please refer to the article How To Import ADMX Files In Intune to know more detailed information / step by step guide.
  • Login on Microsoft Intune admin Center
  • Click on Devices -> Configuration profiles
  • Clicon on + Create Profile
  • Select Platform as Windows 10 and later
  • Profile Type: Templates
  • Template Name: Custom
Ingest Zoom ADMX Template In Intune

Basics

  • Name: Zoom ADMX Template Ingestion
  • Description: This device Profile configuration will ingest Zoom ADMX template in Intune for managing Zoom Desktop Client Settings.
Ingest Zoom ADMX Template file In Intune Basics Tab

Configuration settings

Click on Add to add OMA-URI Settings as per below. Click on Save once you have added all below settings.

NameZoom ADMX Import
DescriptionImporting Zoom ADMX Template
OMA-URI./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/zoom/Policy/zoom
Data typeString
ValueOpen ADMX file ZoomMeetings_HKLM.admx and copy all the contents of the file and paste it in Value field.
Zoom ADMX Import Intune OMA-URI Setting

After you click on Save, you can verify the OMA-URI Settings and click on Next to Proceed.

Zoom ADMX Import Intune OMA-URI Setting

Assignments

Assign this device Configuration profile to either All devices or All Users or if you want to assign this device configuration profile to specific devices then you can create an Azure AD Security group and add devices into the group.

Add the group in Included groups section of this Policy. As in my organization, Zoom is being used by all users and installed on all the devices. Therefore, I will be pushing zoom ADMX template on all devices.

Zoom ADMX Import/Ingest Intune

Review + Create

Review the device configuration profile settings and then click on Create button to create this policy.

Zoom ADMX Template Ingestion Intune policy create

Once the policy has been created successfully. It will take some time to deploy on target machines. You can click on Device Configuration profile created and check the status from Device and user check-in status. As you can see from below screenshot, the admx file has been ingested into two machines successfully.

Zoom ADMX Import Intune OMA-URI Setting

STEP 3 – Verify Zoom ADMX Template Ingestion on End User Device

You have already confirmed the deployment of Zoom ADMX Template Ingestion using Intune Device Configuration Profile monitoring. It has been successfully deployed on 2 devices. How to confirm If Zoom ADMX Template has been ingested on the device ?. You can confirm it using Registry Editor by checking two registry keys AdmxInstalled and AdmxDefault.

  • Go to Start -> Search for Registry Editor. Click on Registry Editor to Open
  • Find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled Registry Key
  • Expand the GUID and then Expand zoom -> Policy -> zoom to verify the ADMX template Installation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled

Go to the registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault and Expand the GUID and you can see that the registry keys created for zoom configuration which confirms that the template has been ingested successfully on the device. If you have deployed Zoom ADMX template to hundered’s of devices, you don’t need to verify it on each and every device. You can monitor device configuration profile for Zoom ADMX Ingestion from Microsoft Endpoint Manager Admin center.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault

STEP 4 – Manage Zoom settings using OMA-URI

Now, we have deployed ADMX template to all our devices, we can manage Zoom desktop client settings via Intune device configuration profile by using OMA-URI path.

You will not be able to find the settings via Intune User Interface to configure. Therefore, OMA-URI path needs to be created for each setting and then used to configure a particular setting of the application. Let’s look at how you can create OMA-URI Path for each settings.

How to build an OMA-URI

To build OMA-URI path for any setting, we need to refer to ZoomMeetings_HKLM.admx file which was downloaded earlier.

I will provide an example OMA-URI path which we will use to configure Zoom AutoUpdate setting and we will then deconstruct the path to understand how its created.

Zoom AutoUpdate OMA-URI Setting
./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy

./<scope>/Vendor/MSFT/Policy/Config/AreaName/PolicyName

The first part is ./<scope> which can either be Device or User. As we are configuring a Device based policy, we will use Device keyword for our scope.

./Device/Vendor/MSFT/Policy/Config/

Second Part is /Vendor/MSFT/Policy/Config/ -> This will remain the same for each setting you are going to configure.

./<scope>/Vendor/MSFT/Policy/Config/AreaName/PolicyName

Third Part is /AreaName/PolicyName this is what we need to construct according to the setting which we want to configure. Open ZoomMeetings_HKLM.admx file and search for the policy you want to configure.

For example: We want to configure Zoom AutoUpdate Policy. Search for AU2_EnableAutoUpdate_Policy. As you can see from below screenshot. Policy Name is: AU2_EnableAutoUpdate_Policy and its ParentCategory is zoomupdates. ZoomUsCommunication is parent category of zoomupdates.The Policy supports two values either Enabled or Disabled. Let’s now create our OMA-URI path based on these values we got from zoom admx file.

./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates

The last part of the OMA-URI is the policy setting name which we want to configure. As we know the name of the Policy setting is AU2_EnableAutoUpdate_Policy. We will use it for the PolicyName part of OMA-URI.

./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy

Tip
You can also refer to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault registry location to find the AreaName part of the Policy instead of searching through admx to find parentcategory.
OMA-URI Zoom Desktop Client
OMA-URI Zoom Desktop Client

STEP 5 – Manage Zoom AutoUpdate Setting using Intune

As we now know how to construct OMA-URI path for a particular setting which we want to configure. You can create OMA-URI path for any other setting using the information provided in ZoomMeetings_HKLM.admx. We can use the OMA-URI Path we created for managing AutoUpdate setting of Zoom, lets create a Device Configuration Profile on Microsoft Endpoint Admin Center and push this setting to the device.

  • Login on Microsoft Intune admin Center
  • Click on Devices -> Configuration profiles
  • Clicon on + Create Profile
  • Select Platform as Windows 10 and later
  • Profile Type: Templates
  • Template Name: Custom
Manage Zoom AutoUpdate Setting using Intune

Basics

Provide Name and Description of the device configuration profile. As we are configuring Zoom AutoUpdate using this configuration profile, we have used Name: Zoom AutoUpdate Enable and Description as “This Policy will Enable Zoom AutoUpdate on all Devices

Manage Zoom AutoUpdate Setting using Intune

Configuration settings

Click on Add to add OMA-URI Settings as per below. Click on Save once you have added all below settings.

NameZoom Autoupdate
DescriptionEnable Zoom AutoUpdate
OMA-URI./Device/Vendor/MSFT/Policy/Config/zoom~Policy~ZoomUsCommunication~zoomupdates/AU2_EnableAutoUpdate_Policy
Data typeString
Value<enabled/>
Zoom AutoUpdate OMA-URI Setting

Once you click on Save button you can confirm that OMA-URI Setting has been added.

Zoom AutoUpdate OMA-URI Setting

Assignments

You can either add All devices or Add all users or create an Azure AD security group with specific devices or users and then add it to Configure this setting. I will be configuring this setting on All devices.

Zoom AutoUpdate OMA-URI Setting

Review + create

Review the Profile configuration and then create this device configuration policy.

Monitoring

To check if the Device Configuration Profile has been deployed successfully. Please follow below steps:

  • From Microsoft Intune admin center, Click on Devices on the left hand side
  • Click on Configuration Profiles
  • Search for Zoom Autoupdate Enable device configuration profile
  • In the Overview section you can check the deployment status
Zoom AutoUpdate OMA-URI Setting

Verify Zoom AutoUpdate setting on target device

After assignment of this device configuration policy to all the devices. You can monitor the status from Intune Admin Center. You can also verify it on one or two devices manually to make sure that this policy is applying successfully. Let’s check the steps to verify if Zoom AutoUpdate setting on target devices.

How to manage Zoom AutoUpdate setting using Intune

Verify Zoom AutoUpdate setting using Registry Editor

Follow below steps to Verify Zoom Desktop Client AutoUpdate setting:

  • Go to Start -> Type Regedit and click on Registry Editor.
  • Find the Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Zoom\Zoom Meetings\Updates.
  • You can check registry Entry on the right hand side: AU2_EnableAutoUpdate which is now set to 1.

Please note that as this setting is configured using Intune, User will not be able to change it as its a global setting on the device. The Auto Update checkbox in Zoom Application will be checked and greyed out. It will only be managed using Intune.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Zoom\Zoom Meetings\Updates

Verify AutoUpdate setting using Zoom Desktop Client

You can also verify this setting from Zoom Desktop Client application. Please follow below steps to check this setting.

  • Login on Zoom Meeting application / Zoom Cloud Meetings application / Zoom Desktop Client.
Zoom Cloud Meeting Client Login Page

Click on Settings Icon.

Zoom Desktop Client Setting Icon

Click on General. Scroll down on the general settings page to find Zoom Updates setting. As you can see that the setting is currently enabled and cannot be changed by user as its managed by Intune,

Zoom Desktop Client General Tab Zoom Updates Setting Greyed Out

Conclusion

In this blog post, we have seen how to Ingest Zoom admx file into Intune, how to construct OMA-URI Path for any Admx setting and Configured Zoom AutoUpdate using Intune OMA-URI Path. Not only AutoUpdate setting but you can manage all other Zoom Settings via Intune. You can construct OMA-URI path for each setting by referring to the Admx file and then use it to configure the setting on the device for Zoom Application.

3 thoughts on “Ingest Zoom ADMX and manage Zoom settings using Intune”

  1. Hi There,

    For “Ingest Zoom ADMX Template file In Intune” > Does it install the Zoom Client on a machine?

    For “Manage Zoom AutoUpdate Setting using Intune” > Does it automatically updates the Zoom Client or would the user have to click on “Check for updates”

    If you would be able to answer these questions within this week, I would save my job, seriously !!

    Reply

Leave a Comment