Ask Zac
Security & SSO beginner 10 minutes

How to prevent Zoom bombing

Learn how to prevent zoom bombing. Step-by-step guide for Zoom administrators with prerequisites, detailed instructions, and troubleshooting tips.

Published February 26, 2026

Zoom bombing, or the disruption of a Zoom meeting by unwanted attendees, can be prevented by utilizing Zoom’s built-in security features. Key steps include enabling the Waiting Room, requiring a meeting password, and controlling screen sharing permissions. This guide provides Zoom administrators with the tools and steps necessary to secure their Zoom Meetings environment.

Prerequisites

  • You must have administrator privileges in your Zoom account.
  • You should have a Zoom Pro, Business, Enterprise, or Education account to access all security features.
  • You should have a clear understanding of the types of meetings you typically host and the required level of security for each.

Enable the Waiting Room

The Waiting Room feature allows you to control who enters your meeting, preventing unwanted guests from joining without your permission.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Under Security, find the Waiting Room option.
  5. Toggle the switch to enable the Waiting Room. If prompted, click Enable to verify the change.
  6. Click Options to customize the Waiting Room settings. You can choose to:
    • Everyone: All participants will go to the Waiting Room.
    • Users not in your account: Only participants who are not signed in to your Zoom account or are not on the allowed list of domains will go to the Waiting Room.
    • Users who are not in your account and not part of your trusted domains: Participants that are not logged into Zoom or are not on a trusted domain will be put in the waiting room.
  7. You can also customize the Waiting Room appearance by clicking Customize Waiting Room to upload a logo, title, and description.

Require a Meeting Password or Passcode

Requiring a password or passcode for your meetings adds an extra layer of security, making it harder for unauthorized individuals to join.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Under Security, locate the Require a passcode when scheduling new meetings option.
  5. Toggle the switch to enable this setting.
  6. You can also choose to require a passcode for:
    • Instant Meetings: This setting will require a passcode for all instant meetings.
    • Personal Meeting ID (PMI): This setting will require a passcode for all meetings using your PMI.
  7. Customize the passcode settings to meet your organization’s security policies. You can set minimum length, complexity, and other requirements.

Control Screen Sharing Permissions

Limiting who can share their screen during a meeting prevents disruptive content from being displayed by unauthorized individuals.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Under In Meeting (Basic), find the Screen sharing option.
  5. Choose the appropriate setting:
    • Host Only: Only the host can share their screen. This is the most secure option.
    • All Participants: All participants can share their screen. This is less secure but allows for more collaboration.
  6. If you choose All Participants, you can also restrict who can start sharing when someone else is sharing. This prevents someone from interrupting a presentation.

Disable Annotation

Annotation allows participants to draw or write on the shared screen. Disabling this feature can prevent unwanted drawings or messages.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Under In Meeting (Basic), find the Annotation option.
  5. Toggle the switch to disable annotation.

Lock the Meeting

Once all expected participants have joined, you can lock the meeting to prevent anyone else from entering.

  1. During a meeting, click Security in the meeting controls.
  2. Click Lock Meeting.
  3. A lock icon will appear in the upper-left corner of the Zoom window, indicating that the meeting is locked.

Remove Disruptive Participants

If a participant is being disruptive, you can remove them from the meeting.

  1. During a meeting, click Security in the meeting controls.
  2. Click Remove Participant.
  3. Select the participant you want to remove and click Remove.
  4. You can also choose to report the participant to Zoom for inappropriate behavior.

Disable File Transfer

Disabling file transfer prevents participants from sharing potentially malicious files.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Under In Meeting (Basic), find the File transfer option.
  5. Toggle the switch to disable file transfer.

Prevent Uninvited Automated Meeting Tools and Participants

Zoom provides settings to prevent uninvited automated meeting tools, dial-in users, and third-party room systems from joining your meetings.

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Account Management, then click Account Settings.
  3. Click the Meeting tab.
  4. Review settings related to authentication and joining methods to ensure only authorized users can access meetings. Consider settings that block participants without specific email domains or require participants to authenticate through Zoom.

Security Settings for Zoom Events and OnZoom

Common Issues

  • Participants are still bypassing the Waiting Room: Double-check that the Waiting Room is enabled at both the account level and for individual meetings. Also, verify the Waiting Room settings (Everyone, Users not in your account, etc.) are configured correctly.
  • Participants are sharing inappropriate content even with screen sharing restrictions: Ensure that “Host Only” screen sharing is enabled. Train your hosts on how to quickly disable a participant’s screen sharing mid-meeting if necessary.
  • Unwanted participants are guessing the meeting password: Increase the complexity and length of your meeting passwords. Consider using a password generator to create strong, unique passwords for each meeting. Communicate the password securely to authorized participants, avoiding public channels.
  • Users forget the password: Consider using the “Embed password in meeting link” option. While this adds convenience, be aware that it is less secure than manually distributing the password. Only use this option if you are confident that the link will not be shared publicly.
  • Disruptive participants are returning to the meeting after being removed: After removing a disruptive participant, enable the option to prevent them from rejoining.

Frequently Asked Questions

What's the most effective way to prevent Zoom bombing from happening in the first place?

The most effective methods are requiring registration for meetings and using randomly generated meeting IDs instead of personal meeting IDs. Also, ensure the 'Only authenticated users can join meetings' setting is enabled.

If a Zoom bombing does occur, what immediate steps should I take?

Immediately remove the disruptive participant from the meeting and lock the meeting to prevent anyone else from joining. Report the incident to Zoom with any relevant information like user ID and meeting details.

Are there specific Zoom settings that are more vulnerable to Zoom bombing than others?

Yes, using your Personal Meeting ID (PMI) for public meetings is particularly vulnerable, as it's a static ID. Disabling the waiting room and allowing participants to join before the host can also increase the risk.

How can I educate my users to help prevent Zoom bombing?

Train users on best practices like not sharing meeting links publicly on social media and understanding the available security features within Zoom. Remind them to be vigilant about unexpected or inappropriate behavior during meetings and how to report it.

Need help configuring this?

Ask Zac can walk you through the setup step by step, or configure it for you automatically.

Try Ask Zac →