Third-Party Apps/Bots Join Zoom Meetings without an Invite

Body

Issue

Sometimes, when I host a Zoom meeting, there are third-party apps/bots as participants, and I don't invite them.

  • Why are they joining my meeting if I didn't invite them?
  • What should I do to prevent them from joining?

Origin

University of Oklahoma Zoom users have the ability to submit a Zoom App Marketplace Integration Request for approval to be integrated with their individual Zoom accounts. Some third-party apps installed can add bots as participants to every Zoom meeting they join. This can cause confusion and concerns from the host(s) who did not explicitly invite these bots to their meeting.

Risks

The risks of using meeting bots are similar on all meeting systems. Some of these risks include:

  • Bots require access to the following data about users and the meeting participants 
    • Contacts
    • User profiles
    • Calendar access
    • In addition to any content discussed in the meeting (voice recording, voice to text translation, inference of jargon, etc). 

  • The data is no longer controlled by the university and could result in data leakage, loss of intellectual property, violation of compliance regulations,  fines, and penalties for the university.

Resolution

Tips for Hosts

Ultimately, you decide whether to keep any third-party bots that join your meeting as participants. If you feel that the bots would be disruptive or may violate Data Classification Policies (such as if you are discussing PHI), there are a couple of ways to prevent them from joining or remove them after they've joined. However, please keep in mind that some bots are used by users with accessibility needs. (If you are unsure what the purpose of a user's bot is, you can always reach out to the user who manages that bot. Their first and/or last name should be in the bot's name.)

Blocking Bots from Zoom

  • Require solving a CAPTCHA for guest users (users who are not signed in). This feature provides CAPTCHA protection during the desktop browser join process.
  • Meeting hosts should set-up a CAPTCHA and waiting room for all guests to a meeting. This will prevent most bots from joining meetings. 
  • Learn how to enable the CAPTCHA and the waiting room settings for your meetings.
  • Hosts can remove bots and unknown attendees.

To Prevent Bots from Joining your Meeting

  • You can enable the Zoom Waiting Room feature for all meetings you host. Enabling the Waiting Room allows you to view each participant who attempts to join the meeting and only admit those who should be there. Bots will join the Waiting Room just as any other participant, and you can choose to remove them.
  • If your meeting is exclusively or mostly University of Oklahoma Zoom users, it's recommended that you require participants to authenticate in order to join. This setting can be enabled for single meetings or automatically for all new meetings you host. Because the third-party bots cannot authenticate through a University of Oklahoma Zoom account, they will be blocked from joining.

To Remove a Bot after It Has Already Joined

  1. Click Participants (people icon) in the Zoom meeting toolbar.
  2. Find the bot's name you want to remove and click the More icon (the ellipsis) next to their name.
  3. Select Remove from the drop-down menu to remove the bot from the meeting.

(If the "Allow removed participants to rejoin" setting is enabled in your account settings, the bot may try to rejoin the meeting. To prevent this, ensure the setting is not enabled before starting your meeting.)

Tips for Participants

  • Keep in mind that if a third-party app or bot joins meetings with you, the host might inquire about its purpose and may remove it if it violates University of Oklahoma Policies.
  • As a reminder, all Zoom App Marketplace Integration Requests on an individual's Zoom account cannot be used with OU's sensitive or protected data, such as HIPAA, FERPA, or PHI.
    • University of Oklahoma Zoom is approved for some types of sensitive data, including PHI. However, third-party apps are NOT covered and should NEVER be used with sensitive data unless approved through a risk assessment and Zoom integration request
    • For accessibility concerns, please visit https://www.ou.edu/adrc for approved OU accessibility supports. AI Transcriptions bots are currently not accurate enough to replace existing supports, but are recognized as a helpful additional tool.
    • If you intend to join a Zoom meeting with a third-party app/bot and the meeting involves HIPAA, FERPA, PHI, or other sensitive data permitted use in University of Oklahoma Zoom, you should either remove the app from your account before joining the meeting OR ask the host to remove the bot from the participant list at the beginning of the meeting.

Details

Details

Article ID: 3347
Created
Tue 12/10/24 3:56 PM
Modified
Wed 1/29/25 10:44 AM

Related Articles

Related Articles (1)

8.2.2.1 Information (Data) Classification Standard
The University of Oklahoma (OU) recognizes that institutional information is an asset, critically important to effectively supporting OU’s mission of excellence in teaching, research and creative activity, and service. OU also recognizes the need for appropriate data protections, to ensure student and employee privacy is respected and the University complies with applicable laws.