Use Jamf Pro to manage Zoom

On this page:

Before you begin

Before you deploy Zoom, you should create a Configuration Profile in Jamf Pro that will set a Privacy Preferences Policy Control payload for Zoom. This gives people the ability to share their screen without elevating their privileges.

Privacy Preferences Policy Control

After you create a new Configuration Profile, configure the following settings for the Privacy Preferences Policy Control payload:

  1. In "Identifier", enter us.zoom.xos.
  2. For "Identifier Type", select Bundle ID.
  3. In "Code Requirement", enter the following: 
    
        identifier "us.zoom.xos" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3
  4. In the section with the "APP OR SERVICE" and "ACCESS" columns, set the following access levels:
    1. In the first row, for the "APP OR SERVICE" column select Accessibility. In the "ACCESS" column, select Allow.
    2. In the second row, for the "APP OR SERVICE" column select ScreenCapture. In the "ACCESS" column, select Allow Standard Users to Allow Access.

Automatic updates

Zoom has an option to manually set automatic updates. To have the automatic updates feature enabled by default for Macs managed with Jamf Pro, use a Configuration Profile. For more, see Mass-deploying with preconfigured settings for macOS.

The Configuration Profile below is recommended as a minimum configuration:

  1. Use a Jamf Pro Applications & Custom Settings payload.
  2. In "Preference Domain", enter us.zoom.config.
  3. In "Property List", enter the following: 
    <?xml version="1.0" encoding="UTF-8"?> 

    
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
    
<plist version="1.0"> 
    
  <dict> 
    
    <key>zAutoUpdate</key> 
    
    <true/> 
    
    <key>SetUpdatingChannel</key> 
    
    <false/> 
    
  </dict> 
    
</plist>

If you want the update channel to be set to Slow, which has fewer updates and better stability, set "SetUpdatingChannel" to the boolean value of false. If you want the update channel to be set to Fast, which may install beta versions of updates with new features, set "SetUpdatingChannel" to the boolean value of true.

Set a default Configuration Profile

Endpoint Management offers this optional default Configuration Profile for Zoom at IU. Make sure you test these settings before deployment, and verify that Zoom works as your clients need it to. The initial conditions for the app preferences are set in the "PackageRecommend" section; clients can then adjust them. If you redeploy the profile, or deploy to existing systems, your clients' defaults will reset.


<?xml version="1.0" encoding="UTF-8"?> 

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 

<plist version="1.0"> 

  <dict> 

    <key>zAutoUpdate</key> 

<true/> 

    <key>SetUpdatingChannel</key> 

    <false/> 

    <key>PackageRecommend</key> 

<dict> 

<key>zAutoSSOLogin</key> 

<true/> 

<key>zSSOHost</key> 

<string>iu</string> 

<key>zDisableVideo</key> 

<true/> 

<key>MuteVoipWhenJoin</key> 

<true/> 

<key>MuteWhenLockScreen</key> 

<true/> 

<key>EnableSpotlightSelf</key> 

<true/> 

<key>EnableLightAdaption</key> 

<true/> 

<key>EnableAutoLightAdaption</key> 

<true/> 

<key>SetUseSystemDefaultSpeakerForVOIP</key> 

<true/> 

<key>SetUseSystemDefaultMicForVOIP</key> 

<true/> 

<key>AudioAutoAdjust</key> 

<true/> 

<key>zAutoJoinVoip</key> 

<true/> 

</dict> 

</dict> 

</plist>

This is document biry in the Knowledge Base.
Last modified on 2024-01-18 14:52:06.