Zoom for Intune Field Guide

End-to-end guide for deploying the Zoom Workplace for Intune app

Introduction

The Zoom Workplace for Intune mobile apps for iOS and Android are compatible with both mobile application management (MAM) and mobile device management (MDM). These apps can receive company-provided configurations to help enforce custom preferences, security settings, and data loss prevention policies within the application. This guide explains how to add and configure Zoom Workplace for Intune policies in your Microsoft Endpoint Manager tenant.

Before you begin

This guide includes instructions for both mobile device management (MDM) and mobile application management (MAM) deployments for Zoom Workplace for Intune on iOS/iPad and Android. Some sections apply to all deployments, while the applicability of others depends on whether you are managing fully managed devices or only the application itself.

Step 1: Add Zoom Workplace for Intune to your apps list

Add the Zoom Workplace for Intune application for your applicable operating systems. This is required before you can configure an App Protection Policy in the next section.

iOS

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select iOS/iPadOS under the Platforms menu.

  3. Select + Create.

  4. Under Select app type choose iOS store app and press Select to continue.

  5. On the next page, select Search the App Store, search Zoom Workplace for Intune, and select it.

  6. Customize any information or settings such as the Minimum operating system or Applicable device type and select Next.

  7. Assign the app to users or groups based on your company policies and select Next.

    Note: We suggest only assigning the app to an initial testing group when first configuring to prevent user access before the application is fully configured.

  8. Review the app settings and assignments, and select Create to complete.

Android

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Android under the Platforms menu.

  3. Select + Create.

  4. Under Select app type choose Managed Google Play app and press Select to continue.

  5. In the Managed Google Play store, locate Zoom Workplace for Intune.

  6. Select the Approve option to review the app conditions and approve the app.

  7. Press the 🔄 Sync button in the top-left corner to synchronize permissions and complete the app addition.

  8. Refresh the application list and select the Zoom Workplace for Intune app from the Managed Google Play store.

  9. Select Properties in the left-hand menu, and click Edit next to Assignments.

  10. Assign the app to users or groups based on your company policies and select Review + Save.

    Note: We suggest only assigning the app to an initial testing group when first configuring to prevent user access before the application is fully configured.

  11. Review the settings and click Save to complete.

Step 2 (Optional): Configure an App Protection Policy

App Protection Policies are optional Intune policies that apply app-level controls to help protect organizational data in supported mobile apps. They can enforce requirements such as work credentials or PIN access, restrict data transfer between apps, and help prevent data loss without requiring full device enrollment. Organizations may choose to use these policies when they need additional protection for company data, particularly in bring-your-own-device environments, while others may omit them if their deployment only requires basic app distribution or device-level management. The following steps outline how to configure an app protection policy; an example policy is provided at the end of these steps for your convenience.

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Protection under the Manage Apps menu.

  3. Click + Create and select your platform (iOS/iPadOS or Android) from the dropdown.

  4. On the Basics page, Name your app protection policy (e.g., Zoom Workplace for Intune - Android/iOS), provide a description, and select Next to continue.

  5. Below, click + Select public apps, choose Zoom for Intune, and click Next.

    Note: In the App Protection Policy public app selector, the app is listed as Zoom for Intune — not Zoom Workplace for Intune.

  6. On the Data protection page, choose the data loss prevention policies for the Zoom Workplace for Intune application and click Next.

  7. On the Access requirements page, configure applicable access policies and click Next.

  8. On the Conditional launch page, configure any applicable settings and click Next.

  9. On the Assignments page, assign the app protection policy to users or groups based on your company policies and select Next.

  10. Review the policy’s settings and assignments, and select Create to complete.

  11. Repeat this process for the remaining operating system if necessary.

App Protection Policy Example

The following example app protection policy settings reflect a common data loss prevention (DLP) baseline for Intune-managed mobile apps. These settings are provided for example purposes only and should be reviewed and adjusted to meet your organization's security and usability requirements.

Setting | Example configuration | Description
Send org data to other apps | Policy managed apps | Allows organizational data to transfer only to other Intune-managed apps.
Restrict cut, copy, and paste between other apps | Policy managed apps | Prevents users from copying or pasting organizational data into unmanaged apps.
Save copies of org data | Block | Prevents users from saving organizational data to unmanaged locations.
Backup org data | Block | Prevents organizational data from being included in personal cloud backups.
Encrypt org data | Require | Requires encryption for organizational data stored by the app.
PIN for access | Require | Requires users to enter an app PIN before accessing work data.
Recheck the access requirements after | 30 minutes | Requires the app to revalidate access requirements after inactivity.
Max PIN attempts | 5 | Limits incorrect PIN attempts before the configured corrective action occurs.
Offline grace period | Block access after 1440 minutes; wipe after 90 days | Allows temporary offline access, then blocks access or removes work data if the device remains offline too long.
Jailbroken/rooted devices | Block access | Prevents access to work data from compromised devices.
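
One way to check an exported policy against the example baseline above; this is an added example, not part of Zoom's guide. It assumes the policy was exported as JSON with Microsoft Graph managedAppProtection property names; the mapping of table rows to those properties is this example's assumption, the encryption and jailbreak rows are not covered, and the sample policy is constructed.

```python
import re

# Rows of the example table that must match exactly, keyed by Microsoft Graph
# managedAppProtection field (the row-to-field mapping is an assumption).
EXACT = {
    "allowedOutboundDataTransferDestinations": "managedApps",  # Send org data
    "allowedOutboundClipboardSharingLevel": "managedApps",     # Cut/copy/paste
    "saveAsBlocked": True,                                     # Save copies
    "dataBackupBlocked": True,                                 # Backup org data
    "pinRequired": True,                                       # PIN for access
}
MAX_PIN_RETRIES = 5  # Max PIN attempts; fewer attempts is stricter, so allowed
MAX_MINUTES = {      # upper bounds; shorter periods are stricter, so allowed
    "periodOnlineBeforeAccessCheck": 30,             # Recheck access after
    "periodOfflineBeforeAccessCheck": 1440,          # Offline grace: block
    "periodOfflineBeforeWipeIsEnforced": 90 * 1440,  # Offline grace: wipe
}
_ISO_DURATION = re.compile(
    r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_minutes(value):
    """Convert an ISO 8601 duration such as PT30M, PT24H or P90D to minutes."""
    match = _ISO_DURATION.match(value) if isinstance(value, str) else None
    if not match or not any(match.groups()):
        return None  # missing or malformed; the caller reports it as drift
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60


def find_drift(policy):
    """Return (field, observed) pairs that deviate from the baseline."""
    drift = [(f, policy.get(f)) for f, want in EXACT.items()
             if policy.get(f) != want]
    retries = policy.get("maximumPinRetries")
    if type(retries) is not int or not 0 < retries <= MAX_PIN_RETRIES:
        drift.append(("maximumPinRetries", retries))
    for field, limit in MAX_MINUTES.items():
        minutes = duration_minutes(policy.get(field))
        if minutes is None or minutes > limit:
            drift.append((field, policy.get(field)))
    return drift


# Constructed sample export: clipboard sharing and offline access have drifted.
SAMPLE_POLICY = {
    "allowedOutboundDataTransferDestinations": "managedApps",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "saveAsBlocked": True,
    "dataBackupBlocked": True,
    "pinRequired": True,
    "maximumPinRetries": 5,
    "periodOnlineBeforeAccessCheck": "PT30M",
    "periodOfflineBeforeAccessCheck": "P2D",
    "periodOfflineBeforeWipeIsEnforced": "P90D",
}

if __name__ == "__main__":
    print(find_drift(SAMPLE_POLICY))
```

A missing field is reported as drift, so a policy that was never configured fails on every covered row rather than passing silently.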

Step 3: Configure an App Configuration Policy

App Configuration Policies are optional Intune policies that provide app-specific settings to supported mobile apps, allowing organizations to preconfigure features and behavior without requiring users to manually enter those settings. They are commonly used to deliver company-defined values such as account setup information, feature preferences, or other app-specific options through either the managed device or managed app channel, depending on how the app is deployed and supported. The following steps outline how to configure an app configuration policy; an example configuration is provided at the end of these steps for your convenience.

Choose the section below that matches your deployment model.

Option A: Managed Devices (MDM)

This section explains how to configure Zoom Workplace for Intune for fully managed devices. If you only need to manage the Zoom Workplace for Intune app and not the entire device, see the Mobile Application Management instructions below instead.

iOS

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Configuration under the Manage Apps menu.

  3. Click + Create and select Managed devices.

  4. On the following page, Name your app configuration policy (e.g., Zoom Workplace for Intune - iOS) and provide a description.

  5. Device enrollment type should be set to Managed devices.

  6. Set the Platform to iOS/iPadOS.

  7. Click Select app, select Zoom Workplace for Intune app, and press Next at the bottom of the page.

  8. On the following page, set the Configuration settings format to either Use configuration designer or Enter XML data, based on your configuration method:

    1. Use configuration designer is a direct input method to specify the configuration key, value type, and value without XML encoding.

    2. Enter XML data is an input method that can receive the configuration in XML format.

  9. Configure the general application settings using either method from our available configuration policies for iOS and click Next once complete (an example configuration is provided at the bottom of this section).

  10. Assign the configuration policy to users or groups based on your company policies and select Next.

  11. Review the configuration’s settings and assignments, and select Create to complete.

Android

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Configuration under the Manage Apps menu.

  3. Click + Create and select Managed devices.

  4. On the following page, Name your app configuration policy (e.g., Zoom Workplace for Intune - Android) and provide a description.

  5. Device enrollment type should be set to Managed devices.

  6. Set the Platform to Android Enterprise.

  7. Choose the Profile Type that you are creating the policy for.

  8. Click Select app, select Zoom Workplace for Intune, and press Next at the bottom of the page.

  9. On the following page, select your Configuration settings format:

    1. Use configuration designer will present a comprehensive list of settings that can be individually selected and configured through the + Add button.

    2. Enter JSON data will present an editable text field with JSON formatting for configurable policies that can be applied.

  10. Configure the general application settings using either method from our available configuration policies for Android and click Next once complete (an example configuration is provided at the bottom of this section).

  11. Assign the configuration policy to users or groups based on your company policies and select Next.

  12. Review the configuration’s settings and assignments, and select Create to complete.

Option B: Managed Applications (MAM)

This section details how to configure the Zoom Workplace for Intune application on devices that do not require full device management. This configuration allows users to install Zoom Workplace for Intune on their personal devices without granting full device management and is suitable for Bring-Your-Own-Device (BYOD) environments.

iOS

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Configuration under the Manage Apps menu.

  3. Click + Add and select Managed apps.

  4. On the following page, Name your app configuration policy (e.g., Zoom Workplace for Intune - iOS) and provide a description.

  5. Confirm Target policy to is set to Selected apps, click + Select public apps, add Zoom for Intune for iOS/iPadOS from the list, and click Next.

  6. Click Next on the Settings Catalog page.

  7. On the Settings page, configure the general application settings from our available configuration policies for iOS and click Next once complete (an example configuration is provided at the bottom of this section).

  8. Assign the configuration policy to users or groups based on your company policies and select Next.

  9. Review the configuration’s settings and assignments, and select Create to complete.

Android

  1. Navigate to the Apps menu within Microsoft Endpoint Manager.

  2. Select Configuration under the Manage Apps menu.

  3. Click + Add and select Managed apps.

  4. On the following page, Name your app configuration policy (e.g., Zoom Workplace for Intune - Android) and provide a description.

  5. Confirm Target policy to is set to Selected apps, click + Select public apps, add Zoom for Intune for Android from the list, and click Next.

  6. Click Next on the Settings Catalog page.

  7. On the Settings page, configure the general application settings using either method from our available configuration policies for Android and click Next once complete (an example configuration is provided at the bottom of this section).

  8. Assign the configuration policy to users or groups based on your company policies and select Next.

  9. Review the configuration’s settings and assignments, and select Create to complete.

App Configuration Policy Example

The following example app configuration policies for iOS and Android use the settings below. These values represent common enterprise configuration choices and are included as an example only. Organizations should review and modify them as appropriate for their environment and security requirements. Refer to Zoom’s Support Center for the full list of configurable policies for iOS and Android.

iOS

Configuration Key | Value
DisableFacebookLogin | 1
DisableGoogleLogin | 1
mandatory:EnableAppleLogin | 0
ForceLoginWithSSO | 1
IntuneMAMUPN | {{UserPrincipalName}}
DisableLoginWithEmail | 1
EnforceLoginWithMicrosoft | 0
DisableUserSignUp | 1
EnableCloudSwitch | 0
DisableLoginWithMicrosoft | 1
SetSSOURL | "sample"

Android

Configuration Key | Value
mandatory:choice:DisableFacebookLogin | 1
mandatory:choice:DisableGoogleLogin | 1
mandatory:choice:DisableLoginWithEmail | 1
mandatory:choice:DisableUserSignUp | 1
mandatory:choice:EnableAppleLogin | 0
mandatory:choice:ForceLoginWithSSO | 1
mandatory:choice:EnforceLoginWithMicrosoft | 0
mandatory:choice:DisableLoginWithMicrosoft | 1
mandatory:choice:SetSSOURL | "sample"
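
Because the iOS and Android policies are created separately and use different key prefixes, their sign-in restrictions can drift apart. The following added example (not part of Zoom's guide) compares the two example tables above after stripping the prefixes and flags a policy that forces SSO while SetSSOURL still holds the example value; the function names and the report layout are this example's own.

```python
# Key prefixes that appear in the example tables above.
PREFIXES = ("mandatory:choice:", "mandatory:")
PLACEHOLDERS = {"", "sample"}  # "sample" is the page's stand-in SetSSOURL value


def normalize(config):
    """Strip key prefixes and quotes so iOS and Android settings compare equal."""
    flat = {}
    for key, value in config.items():
        for prefix in PREFIXES:
            if key.startswith(prefix):
                key = key[len(prefix):]
                break
        value = str(value).strip().strip('"')
        if flat.get(key, value) != value:
            raise ValueError(f"{key} is set twice with different values")
        flat[key] = value
    return flat


def compare_platforms(ios, android):
    """Report where the iOS and Android configuration policies disagree."""
    ios, android = normalize(ios), normalize(android)
    shared = ios.keys() & android.keys()
    report = {
        "mismatch": sorted(k for k in shared if ios[k] != android[k]),
        "ios_only": sorted(ios.keys() - android.keys()),
        "android_only": sorted(android.keys() - ios.keys()),
        "placeholder_sso_url": [],
    }
    for name, cfg in (("iOS", ios), ("Android", android)):
        # SSO is forced but the SSO URL was never changed from the example.
        if cfg.get("ForceLoginWithSSO") == "1" and \
                cfg.get("SetSSOURL", "") in PLACEHOLDERS:
            report["placeholder_sso_url"].append(name)
    return report


# The two example tables above, transcribed as key/value pairs.
IOS_EXAMPLE = {
    "DisableFacebookLogin": "1", "DisableGoogleLogin": "1",
    "mandatory:EnableAppleLogin": "0", "ForceLoginWithSSO": "1",
    "IntuneMAMUPN": "{{UserPrincipalName}}", "DisableLoginWithEmail": "1",
    "EnforceLoginWithMicrosoft": "0", "DisableUserSignUp": "1",
    "EnableCloudSwitch": "0", "DisableLoginWithMicrosoft": "1",
    "SetSSOURL": '"sample"',
}
ANDROID_EXAMPLE = {"mandatory:choice:" + key: value for key, value in {
    "DisableFacebookLogin": "1", "DisableGoogleLogin": "1",
    "DisableLoginWithEmail": "1", "DisableUserSignUp": "1",
    "EnableAppleLogin": "0", "ForceLoginWithSSO": "1",
    "EnforceLoginWithMicrosoft": "0", "DisableLoginWithMicrosoft": "1",
    "SetSSOURL": '"sample"',
}.items()}

if __name__ == "__main__":
    report = compare_platforms(IOS_EXAMPLE, ANDROID_EXAMPLE)
    for finding, items in report.items():
        print(f"{finding}: {items}")
```

Run against the tables as printed, the shared keys agree, IntuneMAMUPN and EnableCloudSwitch appear only on iOS, and both platforms are flagged for the placeholder SSO URL.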

Additional Considerations

Users can use both Zoom Workplace for Intune and the commercial Zoom Workplace mobile app on the same device

Users that enroll personally-owned devices can install both the managed Zoom Workplace for Intune app and the commercial Zoom Workplace mobile app on the same device. This allows users to have a personal Zoom Workplace app in addition to their company-managed Zoom Workplace application.

Customers that wish to enforce a secure container and prevent data leakage between company-managed applications like Outlook or similar applications are recommended to configure an app protection policy that supports these goals.

Accounts can require Zoom Workplace for Intune authentication from mobile devices for their account

To maintain account security, Zoom accounts can be configured to require users to authenticate through the managed Zoom Workplace for Intune app on mobile devices. Once enabled, Zoom will reject any mobile client authentication requests from the commercial Zoom Workplace mobile app. This does not impact mobile browser authentication, including single sign-on (SSO), and only applies to mobile applications.

To enable this feature, submit a ticket to Zoom Support from a Zoom admin account requesting to “Restrict the mobile client login type to Zoom Workplace for Intune.”

Accounts can phase users into Zoom Workplace for Intune using group-level sign-in enforcement

By default, enabling Zoom Workplace for Intune does not prevent users from continuing to sign in through the commercial Zoom Workplace mobile app. For accounts that need more control over their rollout, Zoom offers an optional account-level feature that allows administrators to enforce Zoom Workplace for Intune sign-in on a per-group basis. When enabled, a setting becomes available at the User Group level that restricts members of that group to signing in exclusively through the Zoom Workplace for Intune app — users in the group will be unable to authenticate through the commercial Zoom Workplace mobile app. This allows administrators to migrate users to the managed Zoom Workplace for Intune app incrementally, group by group, rather than enforcing the requirement across the entire account at once.

This feature is not enabled by default and must be activated by the Zoom support team. To request access, open a ticket with Zoom Support and ask to enable the group-specific Intune sign-in enforcement system property for your account.

Accounts can verify user identity against their Microsoft tenant to prevent authentication spoofing and remove one-time passwords

Zoom provides an optional account-level setting that allows administrators to paste their Microsoft Tenant ID directly into their Zoom account. When configured, Zoom validates each user's authentication against that tenant at sign-in to confirm that the identity presented matches a verified record in the organization's Microsoft directory. This verification step also eliminates the current one-time password (OTP) prompt that users would otherwise receive during authentication.

This feature is not enabled by default and requires activation by the Zoom support team before the setting will appear in your account. To request access, open a ticket with Zoom Support and ask to enable Allow to add Microsoft tenant ID for user verification for your account.

To configure this once enabled, navigate to Account Settings → Security and locate the Verify users using your Microsoft account tenant ID setting.

Troubleshooting

Permissions Error

If users receive an access error when attempting to open Zoom for Intune, this is typically caused by missing admin consent permissions for the Zoom for Intune Azure Gallery application.

To resolve this, complete the following steps:

  1. Construct the admin consent URL below, replacing {tenant-id} with your organization's Azure Tenant ID (available on the Azure Active Directory Overview page), then open it in a browser signed in with an admin account: https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=ed58ed1a-51b6-4477-823b-e46f39d73587

    Note: The client_id in this URL references the Zoom for Intune Azure Gallery application. Opening this URL will add the application to your tenant (if not already present) and set its initial permissions: Read and write app management data and Sign in and read user profile.

  2. Navigate to the Azure admin portal (https://portal.azure.com) and sign in with an account assigned one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or Owner of the service principal.

  3. In the left navigation, go to Enterprise Applications and search for Zoom for Intune. Select the application.

  4. In the application's left menu, select Permissions, then select Grant admin consent for [your organization].
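
Since step 1 has an administrator open a link that grants tenant-wide permissions, it helps to build that link from a validated tenant ID and to confirm that any link passed around internally matches it exactly. The following is an added example, not part of Zoom's guide; the function names are this example's own, and the all-zero tenant ID and look-alike host are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

CONSENT_HOST = "login.microsoftonline.com"
ZOOM_FOR_INTUNE_CLIENT_ID = "ed58ed1a-51b6-4477-823b-e46f39d73587"  # step 1
_GUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def build_consent_url(tenant_id):
    """Build the step 1 URL, refusing anything that is not a GUID tenant ID."""
    tenant_id = tenant_id.strip().lower()
    if not _GUID.match(tenant_id):
        raise ValueError("tenant ID must be a GUID")
    return (f"https://{CONSENT_HOST}/{tenant_id}/adminconsent"
            f"?client_id={ZOOM_FOR_INTUNE_CLIENT_ID}")


def check_consent_url(url, tenant_id):
    """List every way a consent link differs from the step 1 URL."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare the whole authority so user-info, ports and look-alike
    # hosts such as login.microsoftonline.com.example.net are rejected.
    if parts.netloc.lower() != CONSENT_HOST:
        problems.append("unexpected host")
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2 or segments[1] != "adminconsent":
        problems.append("path is not /{tenant-id}/adminconsent")
    elif segments[0].lower() != tenant_id.strip().lower():
        problems.append("tenant ID is not yours")
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("client_id") != [ZOOM_FOR_INTUNE_CLIENT_ID]:
        problems.append("client_id is not the Zoom for Intune application")
    extra = sorted(set(query) - {"client_id"})
    if extra:
        problems.append("extra parameters: " + ", ".join(extra))
    return problems


# Constructed values: an all-zero tenant ID and a link on a look-alike host.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
LOOKALIKE = ("https://login.microsoftonline.com.example.net/" + SAMPLE_TENANT +
             "/adminconsent?client_id=" + ZOOM_FOR_INTUNE_CLIENT_ID)

if __name__ == "__main__":
    print(build_consent_url(SAMPLE_TENANT))
    print(check_consent_url(LOOKALIKE, SAMPLE_TENANT))
```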

Authentication Error 530021

The Zoom for Intune app may encounter authentication error 530021 because of certain Intune Conditional Access configurations. This happens when admins configure Conditional Access to require both Require approved client app and Require all the selected controls enabled, which blocks Zoom sign-in because only Microsoft applications are included on the approved client app list; updating the Conditional Access policy resolves the issue.

Refer to Zoom’s support center for instructions on Configuring the Conditional Access policy for Zoom for Intune.
