Pckgr Blog

Zoom Management in Windows Environments: A Pckgr and Intune Approach

Thomas Mahony

In today’s remote-centric work culture, Zoom has become a popular tool for communication and collaboration. However, the ease of Zoom installation means that in many organizations, a variation of versions exist across devices, leading to potential security vulnerabilities and inconsistent user experiences.

This blog will explore a solution to unify Zoom installations and ensure that every device in your organization is running the latest, most secure version of Zoom.

The Nature of Zoom Installations

Zoom offers two types of installations for Windows devices: a User Install that places the application in the user’s AppData folder, and a Machine Install that places it in the Program Files directory. The User Install method is commonly used but can lead to multiple versions of Zoom throughout the organization’s devices, as it allows users to install the application independently without needing Admin permissions. This can pose significant risks, including outdated versions that leave devices vulnerable to security breaches.

Ensuring Consistency and Security

To address this challenge, we conducted a test using Pckgr. Our goal was to replace individual User Installs of Zoom with a standardized Machine Install, ensuring that every device was running the latest version of the software.

We began by installing an older version of Zoom via the User Install method on a test device.

Using Winget to install an old version of Zoom.
Confirming it was the User install.

We then deployed the Zoom Machine Install application via Pckgr to Intune.

A toast notification appeared from Intune Management advising that Zoom was installing.

Intune kicking off the Zoom Install.

After the installation completed the results were checked: the Machine Install seamlessly updated Zoom to the latest version, transferring the application from the user’s AppData folder to the Program Files directory. This not only streamlined the installation process but also centralized application management, making it easier for IT administrators to maintain.

Intune notification that Zoom had installed successfully.
Confirming that Zoom is now located in Program Files

Best Practices for Zoom Management

Based on our findings, we recommend the following best practices for managing Zoom installations in a Windows environment:

  • Standardize on Machine Installs: Use the Machine Install method for Zoom to ensure consistency across devices. This approach simplifies management and reduces the risk of security vulnerabilities associated with outdated versions.
  • Leverage Intune: Utilize Intune to manage and deploy Zoom updates. This ensures that all devices in your organization are always running the latest version of Zoom.
  • Automate with Pckgr (Shameless plug of our product) Leverage Pckgr’s capabilities to deploy updates as soon as they are available. This proactive approach ensures maximum security and functionality.

Wrapping it up

By adopting a Machine Install approach and utilizing Intune for deployment and updates, organizations can ensure that their communication tools are not only up-to-date but also secure and managed across all devices.

Have you encountered challenges in managing Zoom or other communication tools within your organization? Share your experiences in the comments below or contact us at Pckgr for more insights on managing software deployments effectively.

, , , ,

2 responses to “Zoom Management in Windows Environments: A Pckgr and Intune Approach”

  1. bsjut Avatar
    bsjut

    Thank you for the detailed test and explanation. Unfortunately this approach doesn’t work for us, where we mainly run on Microsoft Teams and only want to enforce updating “self-installed” versions of Zoom to close security weaknesses.

    When I run the Zoom Machine Install package with the “Update Only” option, it doesn’t discover install in the user context.

    If I understand it correctly, to force switch users from a user context install to a machine install, we would have to force install on all endpoints first.

    Like

    Reply
    1. pckgrapp Avatar
      pckgrapp

      Hello,

      Yes correct, you would need to target the devices and perform an install rather than Update Only. However if you’re happy with keeping the current installs the way they are you can stay with using Update Only.

      Like

      Reply

Leave a comment