New Zoom Security Measures Coming May 2025
On Friday, May 16, 2025, Information Technology Services (ITS) will implement a new security measure requiring all Zoom meetings to use a waiting room, passcode, or authentication for entry. If you currently have a Zoom meeting scheduled on or after the implementation date with no security measure in place, a waiting room will automatically be added to your meeting.
Securing your meetings helps protect data and sensitive information that is shared during the meeting, safeguards the privacy of participants, and prevents unauthorized access from intruders or third-party AI bots/applications.
Beginning May 16, 2025, all Zoom meetings hosted by a George Mason-licensed Zoom account will be required to use at least one security measure.
A waiting room will automatically be added to any Zoom meetings scheduled to occur on or after May 16, 2025, that do not have a security measure in place.
Check your Meeting Security Status
- In your list of scheduled meetings, check to see if there is an icon of an exclamation mark inside a circle next to your meeting title
- When you hover over the icon, it will read: “This meeting does not have a waiting room or passcode.”
Security Features in Zoom
The following security features in Zoom have been reviewed and configured to help maintain the integrity of your Zoom meetings hosted by a George Mason licensed account. Features that are “unlocked” can be adjusted by individual users.
Note: Settings are configured differently for the HIPAA Compliant Zoom Secure environment.
| Feature | Enabled | Disabled | Locked | Unlocked |
| Waiting Room | ✅ | ✅ | ||
| Passcode | ✅ | ✅ | ||
| Require Authentication | ✅ | ✅ | ||
| Add Cohost | ✅ | ✅ | ||
| Host control over sharing | ✅ | ✅ | ||
| Hide participant profile images | ✅ | ✅ | ||
| Host can report participants to Zoom | ✅ | ✅ | ||
| “Guest” label for users not authenticated via a George Mason licensed account | ✅ | ✅ | ||
| Host is notified when attendees join the meeting before the host | ✅ | ✅ | ||
| Join before host" as default setting | ✅ | ✅ | ||
| Use of Personal Meeting ID (PMI) when scheduling a meeting | ✅ | ✅ | ||
| Use of Personal Meeting ID (PMI) when starting an instant meeting | ✅ | ✅ | ||
| Private chat (participants' ability to send private 1:1 messages to another participant) | ✅ | ✅ | ||
| Auto save chats | ✅ | ✅ | ||
| Remote control | ✅ | ✅ | ||
| Allow removed participants to rejoin the meeting | ✅ | ✅ | ||
| Auto-accept far-end camera control | ✅ | ✅ |
*A setting that is locked cannot be changed by the user. A setting that is unlocked may be toggled on
Secure Your Meeting
To ensure your meeting runs smoothly and without disruption consider the following options when creating your meeting.
- DO NOT POST MEETING LINKS in a public place like a website or social media or share via email. Zoom-bombing can occur when a meeting link has been shared publicly for only a matter of minutes.
- Do not post Zoom meeting links on social media or other open web pages. If you don’t use Canvas, send class meeting links to students using your class mailing list.
- Require Authentication. Meeting and Webinar authentication options include:
George Mason Users
If you have chosen to require authentication for your meeting, this is the default option. Using this setting restricts a meeting to users who sign in using George Mason’s Zoom website (https://gmu.zoom.us) using George Mason credentials. While this is a more restrictive setting, as it limits meetings to George Mason users, it is more secure.
Sign in to Zoom
This setting restricts the meeting to users who have signed in with any Zoom account, free or paid, George Mason or non-George Mason. This offers some protection but is much less secure than George Mason users.
Note: An Authentication Exception can be added for guests without a Zoom account.
- Use a Waiting Room
- Disable “Allow Removed Participants to Rejoin”
- Disable Attendee Annotation. In the George Mason Zoom environment, Annotation is enabled, which means attendees can annotate on your shared screen at any time.
- Keep “Join before host” disabled
- Mute participants upon entry is advised to avoid unwanted interruptions. You can suggest participants use the raise hand feature before unmuting.
- Manage what features are available to your meeting participants
- Lock the meeting
- Tip: Give participants a few minutes to join before locking your meeting
- Mute All Participants
- Manage Screen Share in Account Settings
- As a host, be cognizant of the in-meeting security features in the Security icon, including the ability to immediately “suspend participant activities.”
Here is more information on Managing Participants in a Meeting and Changing Security Settings.
Classes and Office Hours
- Use the Zoom integration in Canvas for class sessions
- The integration makes it easy to schedule class sessions, invite students, and securely share recordings.
- Adjust Screen Share Options in the Meeting
- By default, Zoom In-Meeting settings at George Mason are set to only allow the host to share; however, if you would like participants to have the ability to share, simply adjust the settings.
Public Events
- Use caution when publicizing your event. Use established mailing lists and trusted channels. Only post the registration link; DO NOT POST MEETING LINKS anywhere that is public.
- Do not use your Personal Meeting link
- Require Registration for Meetings or Webinars
- Have Video and Audio muted on entry
- Disable “Allow Removed Participants to Rejoin”
- For large meetings, use Zoom Webinar
Secure Your Zoom Recordings
In the George Mason Zoom environment, recordings are automatically added to Kaltura.
Add content into your course via Kaltura so that only your students can view the recordings. You can upload your recordings directly from Kaltura into your course.
Require Authentication for your Zoom recording hosted in the gmu.zoom.us cloud for all of your recordings or for specific recordings.
Remove Unwanted Participants
Suspend Participant Activities
Under the Security icon, hosts and co-hosts now have the option to temporarily pause their meeting and remove a disruptive participant. By clicking “Suspend Participant Activities,” all video, audio, in-meeting chat, annotation, screen sharing, and recording during that time will stop, and Breakout Rooms will end.
Remove a participant from the meeting
Find the person you want to remove, click More, and click Remove.
Tip: For added security, lock the meeting so they may not reenter. Doing this prevents anyone from entering the meeting, not just the expelled attendee.
Remove Unwanted AI Bot and Apps
Participants in your meeting or class may use an AI “bot” to monitor, summarize, take images of, and/or record Zoom meetings for that user. Many of these tools have not been vetted or approved for use at George Mason.
These bots
- Can scrape your calendar for information and join, record, and transcribe meetings on your behalf without your knowledge
- Can expose the restricted and sensitive data, including personally identifiable information (PII)
- Following the meeting the AI Bot may send a notice to all invited participants that the recording or transcript is ready. To get the transcript or recording individuals may be required to sign up for the third-party service.
- George Mason blocks the following AI app domains in Zoom:
| otter.ai | fireflies.ai | sembly.ai |
| meetrecord.com | grain.com | avoma.com |
| dubber.net | fathom.video | gong.io |
| colibri.ai | meetgeek.ai |
Note: This list is subject to change based on the introduction of new applications and ASRB approvals.
Steps for prevention:
- Do not share meeting information using third-party calendar integrations
- Use a Waiting Room
- Require Authentication
- Let attendees know that AI bots/apps are blocked. Notify participants if you are leveraging Zoom AI Companion.
Options for Removal:
- Ask the participant to disable the AI Bot.
- Use the host controls to remove the bot, the same way you would remove any other participant.
- Lock the session to prevent the bot (and additional participants) from joining or rejoining.
- Suspend participant activities
Zoom AI Companion has been approved for use in your Zoom meetings. See Getting Started with Zoom AI Companion to learn more.
Resources
See Zoom's Best Practices for Securing Your Virtual Classroom for videos and step-by-step instructions for maintaining a secure, productive online environment.