How to Secure Zoom Meetings

Please note, the below post is from my personal experience using Zoom, so please configure your Zoom settings as per your own security requirements. I am in no way affiliated to Zoom but I am a keen user of the service.

For those who are not aware of what the Zoom service is, here is a snippet from the Zoom website.

Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company on Nasdaq (ticker: ZM) and headquartered in San Jose, California.

Zoom has become a really popular platform since the outbreak of coronavirus, because the company gives individuals, companies and schools the ability to interact with each other online whilst staying safe at home during this difficult time.

Zoom offer a number of packages which can be located on their website at, including a free package with a 40 minute meeting limit. I have found the service really easy and quick to set up, but want to stress that security needs to be taken into account by users of the service. It’s not just a Zoom responsibility.

As we all know, with the popularity of a service come attackers: security flaws are found and patched, and users of the service are at risk when security is not taken seriously.

Zoom are responsible for resolving bugs and improving the service by releasing security updates, similar to when Microsoft publish new Windows security updates for you to patch your Windows desktop/laptop/server. But we as users need to take responsibility for securing our environments, just as we set up a strong password to ensure no one can log in to our laptop, install antivirus/anti-malware software to protect our devices from viruses, configure disk encryption, and secure the device when it’s not in use.

Like with any online service, Zoom security also needs to be taken seriously and friends who have also started to use Zoom recently have encouraged me to create a post on my personal experience and how I secure my Zoom meetings. I would like to discuss a number of the options available within Zoom which I use personally to secure my Zoom meetings. I may miss a few points but the aim of this post is to get you thinking about security. If you have an idea to share, please do leave a comment towards the end of this post.

OK, so here goes…

1) Don’t publish your meeting ID and password publicly
I have lost count of the number of times I have mentioned this to first-time and existing users of Zoom. Have a think before publishing your meeting ID and password to the world without any form of control or registration. It’s like advertising your home address and letting people know that you have left your house key outside under the mat.

If there is no requirement for users to interact with you such as a question and answer session, you could even use the feature to hook up your Zoom meeting to YouTube and advertise your YouTube link to participants. Before setting up a meeting, ask yourself whether you have made every effort to secure your meetings? Do you need to use YouTube Live for this event? As mentioned above, Zoom can be configured to connect to YouTube so your session could be streamed from Zoom to YouTube.

2) Enable waiting room
This is a very useful Zoom feature which allows you to manually admit participants into the meeting as they arrive. You can also move participants back to the waiting room after they have been admitted if there is a requirement to do so (right click the participant and send the participant to the waiting room), or you can right click and remove the participant. If you wish to set up a message for those waiting to be admitted, you can do so here by clicking ‘Customize the title, logo, and description’. See screenshot below.

3) Enable encryption

4) Disable Webcam and Mic on Entry

It can be embarrassing when you join a meeting not realising that your webcam is enabled, and then panic to locate the disable webcam button 🙂

The below options will ensure that webcam and mic are off upon participant and host entry.

Once you have started the meeting, there is a feature which will allow you to prevent participants from unmuting themselves. I find this feature very useful to prevent participants accidentally unmuting themselves and disturbing the meeting.

To prevent participants from unmuting themselves; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below

Disable the option ‘Allow Participants to Unmute themselves’ as shown below. If a participant attempts to unmute their mic, they will receive a message to inform them the mic has been disabled. The host can manually enable the mic for each participant when required. If any of the participants wish to ask a question, there is an option for them to click a button which raises a hand against their name to catch the attention of the host. At this point the host could unmute the individual participant. Participants could also send a message to the host via Zoom’s chat feature.

Some may be wondering whether there is a similar option to prevent participants from enabling their webcam. At the time of writing this post, there was no option to prevent all participants from enabling their webcam. I am hoping Zoom will introduce this feature soon, as it’s a great security feature. In the meantime, if you find a troublesome participant who continuously enables his/her webcam, the host can right click and stop the webcam for the individual participant. The participant will not be able to start their webcam again once it’s been disabled by the host unless the host permits. But this feature is only available to the host once the participant has enabled their webcam, and the host has had the opportunity to disable it. This is the one feature I feel that Zoom is lacking, and I am hoping they will release it soon.

5) Join before host

Personally, I don’t allow participants to join before the host as I prefer to be the first to join the meeting and be in control over who is joining the meeting. Along with the waiting room option we discussed above, I switch off the below option.

6) Enable passwords for meetings
Always set up a strong password for your meetings, and enable the below option in case you forget to set a password when scheduling future meetings. If someone were to guess a Meeting ID at random, they would be faced with a password prompt. Use the maximum password length of 10 and include a mix of numbers and characters, including both uppercase and lowercase.

You can set up a password when creating your meeting. Here is the option:

7) Change your meeting password

If you have set up a recurring meeting you will be given the same Meeting ID each time, which is useful, but make a habit of changing the password just in case someone has forwarded the password or even lost the piece of paper where the password was documented. Never document passwords on paper; store them securely.

8) Embedded password with meeting ID

It’s easy to send out a link to your participants which includes the meeting ID and password as a one click link to enter the meeting, but I prefer to disable this option and let the participants type the password manually. I have not had to enable this feature, as even non-tech people have managed to join my sessions with the system being easy to use.

9) Password for Participants coming in via Phone
If there is a requirement for any participants to attend the meeting via a dial-in number, don’t forget to enable this option so they are prompted to enter a password. I have never had to use the dial-in via phone feature because most join via the internet on a laptop/desktop or smartphone using the Zoom Client Meeting app. Please don’t confuse joining via phone with connecting from a mobile phone that has internet access. This option involves dialling a telephone number to join the meeting. It would be useful for those who don’t have an internet connection, but there is an additional cost for this service, so please contact Zoom or visit the website.

10) Chat features

Personally, I disable the option to allow participants to send private messages amongst themselves, as well as the option allowing participants to save chat conversation content. I allow messages to be sent so all on the meeting can view them, and participants have the option to send messages directly to the host. It’s a personal choice and depends on your meeting requirements.

If there was a requirement to disable chat for all participants, both private and being able to post a message to everyone within the meeting; start the meeting, click the security shield icon and untick chat.

11) Sharing files

A great feature which allows the host and participants to share files, but I don’t like the idea of sharing files from personal computers without knowing the state of those personal computers (no antivirus, not patched with the latest Windows updates, etc.), so I leave this option disabled.

12) Add Co-Hosts

I love this feature and always enable it. It allows the host to enable trusted/known members as co-hosts. Co-hosts can help with moderating participants waiting to be admitted, send them a message or even remove them. Co-hosts cannot promote further participants to co-hosts, as only the host can do this. If there is a requirement to do so, the host can assign the host right to another participant. There can only be one host, so the permissions would be transferred and the original host would become a normal participant with no moderator permissions. But the good thing is that Zoom have allowed for the original host to revoke permissions and take the host role back at any time whilst the meeting is in progress.

13) Screen sharing

A great feature to allow the host or co-host to share their screen or switch on Zoom’s whiteboard. I disable the share screen option for participants and allow for hosts/co-hosts only.

14) Annotations

This option allows participants to draw on your shared screen which I disable as there is no requirement for it to be enabled for me personally. But it could be used for fun, or if you were having a brain storming session where all in the meeting were taking part. It’s worth enabling and trying out. The feature can also be disabled from within the meeting if you found that participants were starting to annoy you 🙂

15) Virtual Background

This allows a bit of fun where participants can put up a background of a beach or any other background they wish using an image. We have used this feature and it does put a smile on everyone’s face. Personally, I disable it for participants. When disabled, hosts and co-hosts can still add a background within the meeting by accessing video settings.

16) Use the Lock Meeting Room Feature

Zoom offer a lock meeting room option so once your participants have joined the meeting, you could decide to Lock the meeting so no one else can enter.

To lock a meeting; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below

Click the option Lock Meeting

I hope this helps, and please do comment below if you have an idea to share. Thank you.

Upgrade Windows Server 2012 to Server 2019

Microsoft recommend upgrading your server OS to the latest version, but we all know that this is not always possible. Your business may be running third party applications that have not yet been tested on, or are not even compatible with, later Windows Server operating systems.

Always check whether the applications running on your current Operating System are supported, before you decide to upgrade to a higher version OS. It will save you a lot of time and disappointment.

So let’s continue on the basis that you have carried out your checks and the applications currently running on the server to be upgraded support Server 2019.

First, as you will already be aware, ensure you have a full backup of your server, so in the event the upgrade goes horribly wrong, you have a backup to restore to.

Note: If you have Microsoft Endpoint Protection installed, you will be prompted to remove this app. This app is not compatible with Server 2019.

Now that you are all set, you may be thinking, can I upgrade directly from Server 2012 or Server 2012 R2 to Server 2016? The answer is yes, you can, and it’s a supported method. See the support matrix from Microsoft below. So whether you decide to upgrade from Server 2012 to 2019 or from 2016 to 2019, a one hop in-place upgrade is supported.

Available in-place upgrade paths

OK, so we now have a full system backup, and we know that third party apps are supported with Server 2016/2019.

Before we get started with the upgrade, Microsoft recommend that you collect some information from your device, for diagnostic and troubleshooting purposes. Because this information is intended for use only if your upgrade fails, you must make sure that you store the information somewhere that you can get to it off of your device.

To collect your info

  1. Open a command prompt, go to c:\Windows\system32, and then type systeminfo.exe.
  2. Copy, paste, and store the resulting system information somewhere off of your device.
  3. Type ipconfig /all into the command prompt, and then copy and paste the resulting configuration information into the same location as above.
  4. Open the Registry Editor, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion hive, and then copy and paste the Windows Server BuildLabEx (version) and EditionID (edition) into the same location as above.

Upgrade Server 2012 to 2019

1) Patch your server with the latest Windows updates if not already up to date
2) Locate the Windows Server 2019 Setup media, and then select setup.exe
3) Select the Windows Server version you wish to upgrade to

Screen to choose which Windows Server 2012 R2 edition to install

4) Accept the licensing terms

Screen to accept your license agreement

5) If you’re running Microsoft Endpoint Protection on your server, setup will prompt for this app to be removed as it isn’t compatible with Windows Server 2019

6) Select Keep personal files and apps, and then select Next

Screen to choose your installation type

7) After Setup analyses your server, setup will prompt you to proceed with your upgrade by clicking install

Screen showing you're ready to start the upgrade

8) Wait for the upgrade to complete

Screen showing your upgrade progress

9) To ensure the upgrade completed successfully

– Open the Registry Editor, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion hive, and view the ProductName. You should see your edition of Windows Server 2019, for example Windows Server 2019 Standard. Make sure all of your applications are running and that your client connections to the applications are successful.

If you think something might have gone wrong during your upgrade, copy and zip the %SystemRoot%\Panther (usually C:\Windows\Panther) directory and contact Microsoft support.
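The "To collect your info" steps and the post-upgrade check in step 9 can be scripted so nothing is missed. The PowerShell below is an added example, not Microsoft's tooling or part of the original post; the function names, output file names and destination paths are hypothetical, and it assumes an elevated session.

```powershell
# Added example. Function and file names are hypothetical.
$ErrorActionPreference = 'Stop'
$CurrentVersionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-OsVersionRecord {
    $cv = Get-ItemProperty -Path $CurrentVersionKey
    [pscustomobject]@{
        ProductName = $cv.ProductName
        EditionID   = $cv.EditionID
        BuildLabEx  = $cv.BuildLabEx
    }
}

# Run BEFORE the upgrade. Assumption: $Destination is an absolute path on a share or removable drive.
function Save-PreUpgradeInfo {
    param([Parameter(Mandatory = $true)][string] $Destination)

    # The record must survive a failed upgrade, so refuse a local fixed disk.
    # External disks that report as "fixed" are refused too; use a file share for those.
    $root = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Destination))
    if (-not $root.StartsWith('\\')) {
        $drive = New-Object System.IO.DriveInfo $root
        if ($drive.DriveType -eq [System.IO.DriveType]::Fixed) {
            throw "'$Destination' is on a local fixed disk; use a file share or removable drive."
        }
    }
    $folder = Join-Path $Destination ("{0}-preupgrade-{1:yyyyMMdd-HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
    New-Item -ItemType Directory -Path $folder -Force | Out-Null

    # Steps 1 to 3: systeminfo.exe and ipconfig /all, each checked for a clean exit.
    $sysinfo = & "$env:SystemRoot\System32\systeminfo.exe"
    if ($LASTEXITCODE -ne 0) { throw "systeminfo.exe failed with exit code $LASTEXITCODE." }
    $sysinfo | Out-File -FilePath (Join-Path $folder 'systeminfo.txt') -Encoding utf8

    $ipconfig = & "$env:SystemRoot\System32\ipconfig.exe" /all
    if ($LASTEXITCODE -ne 0) { throw "ipconfig.exe failed with exit code $LASTEXITCODE." }
    $ipconfig | Out-File -FilePath (Join-Path $folder 'ipconfig-all.txt') -Encoding utf8

    # Step 4: BuildLabEx and EditionID (ProductName is kept too, for the later comparison).
    Get-OsVersionRecord | ConvertTo-Json |
        Out-File -FilePath (Join-Path $folder 'version.json') -Encoding utf8
    $folder
}

# Run AFTER the upgrade, pointing at the version.json written by Save-PreUpgradeInfo.
function Test-UpgradeResult {
    param(
        [Parameter(Mandatory = $true)][string] $BaselineJson,
        [Parameter(Mandatory = $true)][string] $LogDestination
    )
    $before = Get-Content -Path $BaselineJson -Raw | ConvertFrom-Json
    $after  = Get-OsVersionRecord
    $ok = ($after.ProductName -like 'Windows Server 2019*') -and
          ($after.BuildLabEx -ne $before.BuildLabEx)

    $zip = $null
    if (-not $ok) {
        # As the post advises: zip %SystemRoot%\Panther so it can be sent to Microsoft support.
        Add-Type -AssemblyName System.IO.Compression.FileSystem
        $zip = Join-Path $LogDestination ("Panther-{0}-{1:yyyyMMdd-HHmmss}.zip" -f $env:COMPUTERNAME, (Get-Date))
        [System.IO.Compression.ZipFile]::CreateFromDirectory((Join-Path $env:SystemRoot 'Panther'), $zip)
    }
    [pscustomobject]@{
        Upgraded    = $ok
        Before      = $before.ProductName
        After       = $after.ProductName
        BuildBefore = $before.BuildLabEx
        BuildAfter  = $after.BuildLabEx
        PantherZip  = $zip
    }
}
```

The script only covers the version check; confirming that your applications are running and that clients can connect is still a manual step.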

How to build a server in Azure

Building a server in Microsoft Azure is simple and has become easier as Microsoft have made improvements on the portal over the years.

In this example, I’ll be building a Windows 2019 Server, so let’s get started

Logon to your Azure Portal, search for virtual machines and click + Add

The below interface appears, select your subscription from the drop down list. If you only have the one, it will already be selected

Next, drop down and select a resource group.

What is an Azure Resource Group?
A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organisation.

For the purposes of this demo, I’m going to create a new resource group

Next, let’s give our virtual server a name and select a region. I have selected UK South

Next, I’m going to create this VM in a new availability set, because I will be building and adding another virtual web server and including it within the same availability set to provide for high availability. If you’re not interested in creating an availability set, you can skip these steps. But because it doesn’t cost anything to create an availability set, you may want to add the server to an availability set if you have plans of setting up redundancy in the future. You’ll obviously be charged for the second server, but the availability set is free. If you decide at this point you don’t require redundancy, but in the future change your mind, you will have to delete and recreate the VM to allow you to add it to a new availability set.

What is an Azure availability set?
An availability set is a logical grouping of VMs within a datacenter that allows Azure to understand how your application is built to provide for redundancy and availability. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches.
More info at: Azure Availability Options

Create a new availability set (I’m leaving the defaults) and click OK. When you create another server, drop down and select an existing availability set. The below screenshot shows my new availability set. It’s worth looking into how fault domains and update domains function.

Next, select your Operating System. I have selected Windows Server 2019 Datacenter and a size of Standard DS1 v2 for this demo. The higher the server spec, the more it will cost you, so ensure you select the correct server size depending on requirements

You may have noticed Azure Spot Instance. What is Azure Spot? Azure Spot offers unused Azure capacity at a discounted rate versus pay as you go prices. Workloads should be tolerant to infrastructure loss as Azure may recall capacity for pay as you go workloads. It’s recommended to use Azure Spot only if you’re testing and are happy for Microsoft to delete your VM without much notice. Never use this for production or even a test environment you require access to at all times.

Next, set up your local administrator account and a strong password. For inbound public ports, I have set none. I will be accessing this server internally via RDP and don’t want to expose RDP to the outside world. If Bastion is available in your region, you could set it up so you can access your VM from within the portal. For more details on how to configure Azure Bastion, click How to Configure Bastion? If you have a requirement for public RDP to be enabled, lock down access to certain IP addresses, and it’s worth setting up Azure Just In Time Access.

What is Azure Just In Time Access?
Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. The just-in-time feature is available on the Standard tier of Security Center
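To check whether a set of NSG rules actually keeps RDP away from the whole internet, as recommended above, the rules have to be read in priority order and port ranges expanded. The PowerShell below is an added example, not part of the original post or of Azure's tooling; the function names are hypothetical, the rule sets are constructed sample data, and the property names are assumed to mirror the rule objects returned by the Az.Network module.

```powershell
# Added example. Rule sets below are constructed sample data; with the Az module, live rules
# could be passed instead: (Get-AzNetworkSecurityGroup -Name <nsg> -ResourceGroupName <rg>).SecurityRules

function Test-PortInRange {
    param([string] $Range, [int] $Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

# Returns the rule that lets any internet source reach TCP $Port, or nothing if none does.
function Find-InternetExposedRule {
    param([Parameter(Mandatory = $true)][object[]] $Rule, [int] $Port = 3389)
    $anySource = @('*', 'Internet', '0.0.0.0/0')

    # NSG rules are evaluated lowest priority number first; the first match decides.
    foreach ($r in ($Rule | Where-Object { $_.Direction -eq 'Inbound' } | Sort-Object Priority)) {
        if ($r.Protocol -ne '*' -and $r.Protocol -ne 'Tcp') { continue }
        $portMatch  = @($r.DestinationPortRange | Where-Object { Test-PortInRange $_ $Port }).Count -gt 0
        $fromAnyone = @($r.SourceAddressPrefix | Where-Object { $anySource -contains $_ }).Count -gt 0
        if (-not ($portMatch -and $fromAnyone)) { continue }  # rules limited to named IPs are skipped
        if ($r.Access -eq 'Deny') { return }                  # an earlier Deny shadows later Allows
        return $r
    }
}

function New-SampleRule {
    param($Name, $Priority, $Access, $Source, $Ports)
    [pscustomobject]@{
        Name = $Name; Priority = $Priority; Direction = 'Inbound'; Access = $Access
        Protocol = 'Tcp'; SourceAddressPrefix = @($Source); DestinationPortRange = @($Ports)
    }
}

# Constructed rule sets (203.0.113.0/24 is a documentation address range).
$ruleSets = [ordered]@{
    # RDP allowed from one office address only.
    LockedDown = @(New-SampleRule 'Allow-RDP-Office' 100 'Allow' '203.0.113.10/32' '3389')
    # A wide "management" port range open to everyone silently includes 3389.
    WideRange  = @(
        (New-SampleRule 'Allow-RDP-Office' 100 'Allow' '203.0.113.10/32' '3389'),
        (New-SampleRule 'Allow-Mgmt-Range' 200 'Allow' '*' '3000-4000')
    )
    # An explicit Deny at a lower priority number wins over the later allow-all.
    Shadowed   = @(
        (New-SampleRule 'Deny-RDP-Internet' 100 'Deny' 'Internet' '3389'),
        (New-SampleRule 'Allow-All' 300 'Allow' '*' '*')
    )
}

foreach ($name in $ruleSets.Keys) {
    $hit = Find-InternetExposedRule -Rule $ruleSets[$name]
    if ($hit) { "{0}: RDP open to the internet via rule '{1}'" -f $name, $hit.Name }
    else      { "{0}: RDP not open to the internet" -f $name }
}
```

Only the custom rules passed in are evaluated; NSGs attached at subnet level, mentioned later in the post, would need the same check.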

Click next, to configure disks. Select your disk types depending on your server/application requirements

You may also have a requirement to add an additional disk, such as a data disk. Don’t worry about creating a page file disk. You’ll get a temporary disk assigned by default

So here is what my disk configuration looks like. OS and a data disk

Click next to visit networking settings

Select your virtual network, subnet, a public IP if required and basic or advanced NSG. The common NSG is basic but will obviously depend on your company requirements. You can also control the NSG at subnet level within your VNET, or even route all traffic to an external firewall, such as a Palo Alto firewall. It’s worth consulting with your networks team on security requirements.

When ready click next and configure management settings as required

I have set my machine to auto shut down at 7pm. It’s only a test server and doesn’t need to be powered on after 7pm. It will save me on costs while it’s powered down.

Click next. If you have any requirements to install any extensions, such as Microsoft Antimalware, you can select here. If you’re not sure just yet, don’t worry about it, as you can select extensions after the VM build. It’s worth taking a look at the available extensions though. Click Next when ready

Create tags if required. Explanation of tags below

And click review and create

You’ll receive a notification after the VM has been built

I hope this post was useful. Feel free to comment below if you have any further questions.

Save Costs with Azure Advisor

Azure Advisor is a great feature which provides recommendations on High Availability, Security, Performance and saving costs. Yes, that’s right, Microsoft help you save costs. It’s not all about making money for Microsoft, they want to help their customers save costs.

So how do they help customers save? Well, Microsoft will scan your Azure environment and report back any services which you could delete or downgrade via Azure Advisor. Services include:

– Optimize virtual machine spend by resizing or shutting down underutilized instances

– Reduce costs by eliminating unprovisioned ExpressRoute circuits

– Reduce costs by deleting or reconfiguring idle virtual network gateways

– Buy reserved virtual machine instances to save money over pay-as-you-go costs

– Delete unassociated public IP addresses to save money

– Delete Azure Data Factory pipelines that are failing

– Use Standard Snapshots for Managed Disks

How to access Cost recommendations in Azure Advisor

1) Login to the Azure portal
2) Search for and select Advisor

3) On the Advisor dashboard, select the Cost tab

It’s good to know that Microsoft are looking out for their customers when it comes to cost savings. It’s not all about making money for them, but they are passing down savings to the customers as well.