Overview

You can restrict all users from joining meetings outside your organization, or restrict access to certain in-meeting features to make sure that users follow your organization's policies. When users try to use a disabled feature, an indicator appears to let them know about the restriction set by the organization.

To ensure security, we recommend applying restrictions to your browsers and all your devices.

Collaboration restrictions only support Webex Meetings and Webex Webinars. These restrictions don't apply to Webex Events (classic), Webex Training, and Webex Support.

These settings apply only to users who are on the Webex Meetings client version 42.3 or higher and Webex App client version 43.6 or higher.

Users can bypass these restrictions by joining internal and external meetings with their personal email addresses, or as guests. To avoid users bypassing these restrictions, follow the steps in Restrict Collaboration Features for Windows, Mac, Android, and iOS devices, and Chrome and Edge web browsers to add a token to company devices to make sure that accounts used with the devices follow the restrictions set by your organization.

When applying collaboration restrictions:

  • If the user logs in with a different organization ID from the registry, Control Hub follows the most restrictive policy. Both the user policy and the organization policy are checked.
  • If the user logs in with the same organization ID in the registry, Control Hub follows the logged-in user’s policy.

Collaboration restrictions at a group or user level

If you want to set up policies for specific groups or on a per user basis instead of the whole organization, you can do so by creating meetings settings templates.

Allow or block external users from joining meetings in your organization

You can allow or block users outside of your organization from joining meetings hosted by users in your organization.

1

Sign in to Control Hub.

2

Go to Services > Meeting > Settings.

3

Under Meetings, select one of the following next to Internal:

  • Allow all external users—Allow users outside of your organization to join meetings hosted by users in your organization.
  • Allow external users with approved email domains—Allow users with email domains that you’ve approved to join meetings hosted by users in your organization.
  • Block external users with selected email domains—Prevent users with email domains that you’ve selected from joining meetings hosted by users in your organization.

    This feature is available on our Webex Suite meeting platform.

  • Block all external users—Prevent all users outside of your organization from joining meetings hosted by users in your organization.
4

If you selected Allow external users with approved email domains, enter an approved email domain and click Add. You can also toggle Apply these settings to Personal Room Meetings only on.

5

If you selected Block external users with selected email domains, enter an email domain to block external users and click Add. You can also toggle Apply this configuration to Personal Room Meetings only on.

When you block users from joining external meetings, they can't join meetings that are hosted from Webex sites outside of your organization. But you can allow users to join meetings on certain Webex sites, by adding those Webex sites to an approved list setting.

1

Sign in to Control Hub.

2

Go to Services > Meeting > Settings.

3

Under Meetings, select one of the following next to External:

  • Allow all external sites—Allow users to join all external meetings.
  • Allow approved external sites—Allow users to join only external meetings from approved Webex sites.
  • Block selected external sites—Prevent users from joining external meetings hosted on Webex sites that you choose to block.

    This feature is available on our Webex Suite meeting platform.

  • Block all external sites—Prevent users from joining external meetings on any Webex site.
4

If you selected Allow approved external sites, enter a Webex sitename and click Add.

5

If you selected Block selected external sites, enter the Webex sites you wish to block and click Add to enforce the restriction.

What to do next

If you allow users to join external meetings, you can select which collaboration features users have available to them during external meetings.

Restrict collaboration features in Webex Meetings

These settings apply to users joining internal and external meetings. If you want to restrict your in-meeting features, then you can create and use a custom session type or a meeting settings template.

Session types support only internal meeting policies. Session types are applicable only when the user is the meeting host.

Meeting settings templates support internal and external meeting policies. Meeting settings templates are applicable when the user is the meeting host or participant.

1

Sign in to Control Hub.

2

Go to Services > Meeting > Settings.

3

Toggle the features you want to enable or disable for users during internal or external meetings:

Breakout sessions

  • Broadcast messages—Allows a meeting host to broadcast a written message to participants in one or all breakout sessions. This is available on the Webex Suite meeting platform.

Collaboration tools

SettingDescriptionAvailable on the Webex Suite meeting platform?
Annotation

If you are a restricted user and annotation is disabled, others can't annotate your sharing. Annotation is blocked for you. When others are sharing, you can view what's being shared, but you can't annotate. If the restricted user is the meeting host, then nobody in the meeting can annotate.

Yes
Breakout sessions Broadcast messages—Users have access to broadcast messages. Yes
Polling

If disabled, the restricted user cannot use the polling feature.

No

Q&A

If disabled, the restricted user cannot use the Q&A feature.

No

In meeting

SettingDescriptionAvailable on the Webex Suite meeting platform?
Chat If disabled, the restricted user cannot send or receive chat messages. Yes
Closed captioning If disabled, the restricted user cannot use the Closed captioning feature. Yes
Enforce virtual background Requires that users have a virtual background in order to turn their video on. Yes
File transfer If disabled, the restricted user cannot share files, and cannot view or download shared files. Yes
Participant list If disabled, the restricted user cannot view the participant list. Yes
Take presenter If disabled, users cannot take the presenter role.

This only applies to the host. When the restricted user is a participant, the Take presenter feature is enabled.

Yes
Notes If disabled, the restricted user cannot use the Notes feature. No
Webex Assistant If disabled, Webex Assistant is not available in the meeting.

This only applies to the host. When the restricted user is a participant, Webex Assistant is enabled.

Yes

Recording

SettingDescription

Available on the Webex Suite meeting platform?

Cloud recordingIf disabled, the restricted user cannot record a meeting to the cloud.Yes
Local recording

If disabled, the restricted user cannot record a meeting to their local computer.

Yes

Remote control

  • Turn on remote control—Users can remotely control another computer during the meeting, and allow anyone to remotely control their computers.

SettingDescriptionAvailable on the Webex Suite meeting platform?
Application remote controlIf unchecked, the restricted user cannot remotely control another user's application.No
Desktop remote controlIf unchecked, the restricted user cannot remotely control another user's desktop.Yes
Web browser remote controlIf unchecked, the restricted user cannot remotely control another user's web browser.No

Sharing

  • Enable sharing—Allow users to share their screen. Toggle this and/or the following sharing features off to increase security.

SettingDescriptionAvailable on the Webex Suite meeting platform?
Application sharing If unchecked, the restricted user cannot share an application. Yes
Desktop sharing If unchecked, the restricted user cannot share their desktop. Yes
File sharing If unchecked, the restricted user cannot share files.

For organizations not yet on the Webex Suite meeting platform, enabling either File sharing or Whiteboard sharing will grant users access to both features.

Yes
Web browser sharing If unchecked, the restricted user cannot share their web browser, but they can view others' shared web browsers. No
Whiteboard sharing If unchecked, the restricted user cannot share the whiteboard.

For organizations not yet on the Webex Suite meeting platform, enabling either File sharing or Whiteboard sharing will grant users access to both features.

Yes
Camera sharing If unchecked, the restricted user cannot share video from their camera. Yes

Telephony

  • Call in (host only)
    • Toll—Allow incoming toll calls only.
    • Toll and toll free—Allow incoming calls which are either toll or toll-free.
    • Global call in—Allow a local phone number to call in to Webex meetings. The local numbers that are available depend on the configuration in your Webex site.
    • Calling Line Identification (CLI)—Allow more security for your meetings. CLI is a form of caller ID that sends a caller's phone number to the system before the call is answered. For more information, see Enable CLI Authentication for Webex Meetings, Webinars, and Training.
      • Check Use authentication PIN if you want to require a PIN when using CLI.
  • Call back (host only)—If toggled on, these options apply to the host. But if toggled off, they are disabled for everyone.

    If Call back is toggled on, you can check the box next to Global call back. If this option is checked, all attendees will be prompted to enter their phone numbers after they join the meeting, and Webex calls back each attendee to connect them to the meeting.

  • VoIP—Allow host and participants to use VoIP.

    If the host is blocked from using VoIP, the participants won’t be affected. VoIP features during the meeting can be freely accessed by participants, if they are individually allowed to use VoIP based on their organizational policies.

  • Other teleconference service (host only)—If toggled off, the host can’t use a third-party teleconference service.

Video

  • Enable video—Allow participants to turn on the video.
    • Standard definition (360p)—User's video can only stream up to 360p.
    • High definition (720p)—User's video can stream up to 720p.

Recording downloads

  • Prevent recordings download—Allows you to stop users from downloading recordings. This is the default setting.

    Hosts can override this default setting and enable downloading of recordings if required.

    This feature is only applicable to MP4 recordings.

Recording links

  • Allow public recording links—Allows you to share recording links with anyone. If toggled off, recording links are private. This means only people within your organization can view recordings. This is the default setting.

    Hosts can override this default setting and allow public sharing of recording links if required.

    This feature is only applicable to MP4 recordings.

Recording link expiration

  • Customize recording link expiration time—Allows you to set and customize the expiration time for public recording links.

    Your retention policy sets a default expiration period for recording links. But, the custom expiration time does not have to match with the duration specified in the retention policy. This means you can adjust the default setting and customize the expiration time of recording links to suit specific needs.

    Compliance officers and administrators can access recordings even if the links are set to expire after a certain period.

    This feature doesn’t apply to recordings shared with users from the same site, uploaded recordings, recordings in Webex App, Webex Events, Webex Training, Webex Support, old recordings in Webex Meetings for mobile platforms, and old recording formats (such as ARF).

    Contact Cisco support for assistance if you would like to use this feature.

Settings override

  • Override participant settings when hosting—Allow participants to share the same meeting policy as the host.

    Administrators can enable meeting settings override and use existing settings templates to enforce meeting policies for specific hosts. This means that when the host initiates a meeting, all participants follow the host's policy rather than their own.

    This applies only to internal meetings.

Webex Meeting lobbies

  • Allow customized lobbies—If toggled on, you can personalize your meeting lobbies and also manage whether your users can customize theirs.
  • Organization customized lobbies—Create and manage your own customized lobbies for your organization. You can create up to 10 lobbies for your organization. You can make changes to your lobbies and can preview them in real time. You have the option to select a default lobby. The Webex Default lobby is selected if not selection is made. You can edit or delete any lobby except the Webex Default lobby.

    You can control the visibility of any default lobby. Toggle Org access on to allow users within the organization to select the lobby from the drop-down menu in Webex. If toggled off, the lobby is hidden from the drop-down menu. You must have at least one default lobby enabled always.

    Selecting Org default lobby indicates that all users in your organization see that lobby by default, if they don’t customize it.

    You can also assign various default lobbies to different user groups in your organization.

  • Allow users to customize lobbies—Users in your organization can customize their meeting lobbies. Participants can see your user's custom lobby for every meeting that the user hosts.

    You can either enable or disable your user's capability to customize any or all four lobby components, including messages, banners, logos, and videos or images. All these features are enabled by default.

Restrict collaboration features for Windows, Mac, Linux, Android, and iOS devices, and Chrome and Edge web browsers

If you want to restrict these collaboration settings devices in your organization, you can edit the system files so that those settings apply to anyone who uses the device to join a meeting outside your organization.

To do this, you have to first find and copy your organization ID in Control Hub. After getting the organization ID, follow the steps that apply to the devices that you want to edit.

Make sure to lock the organization ID in the registry so users can't change it themselves. If users change the organization ID, then the collaboration restrictions won't apply to their devices.

To ensure security, we recommend applying restrictions to your browsers and all your devices.

1

Sign in to Control Hub, and go to Management > Account.

2

Click the Copy icon in the Organization ID field.

You can choose from three options to set up collaboration feature restrictions for Windows devices:

  • Configure manually using a registry value—You can manually edit specific devices by adding the organization ID to the registry:

    1. Open the registry and browse to the context where you want to apply this policy. One of:

      • HKEY_CURRENT_USER\SOFTWARE\Policies\CiscoWebex\

      • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\

    2. Create a new string value called OrganizationID.
    3. Right-click the new value and then Modify...
    4. Paste the organization ID in the Value data of the new string.
  • Configure using a Group Policy template—You can import a Group Policy administrative template (.adm) to apply the organization ID to the same registry values as above.

  • Configure using an MSI Installation—You can run a command to install webexapp.msi using the organization ID to edit this registry value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Webex\Policies\OrganizationID .

Configure using registry keys

  1. Open the Registry Editor.

  2. Add the organization ID to one of the following registry values:

    • HKEY_CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID

Configure using a Group Policy template

  1. Import an .adm file.

  2. In a group policy management tool, click either:

    • Computer Configuration to apply the organization ID to HKEY_CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID

    • User Configuration to apply the organization to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID

  3. In the navigation panel, click Administrative Templates > Classic Administrative Templates (ADM) > Cisco WebEx Meetings > Cisco WebEx Meetings General Settings.

  4. Double-click Configure Organization ID in Cisco Webex.

  5. Click Enabled, add your organization ID in the Options box, and then click Apply.

Configure using a MSI installation

  1. Run the following command to install webexapp.msi with the ORGANIZATIONID parameter to configure HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Webex\Policies\OrganizationID:

    msiexec /i webexapp.msi /log webexapp.log ORGANIZATIONID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

To set up collaboration restrictions on Mac devices, create a .plist file named com.cisco.webexmeetings.config.plist under /Library/Preferences/, and add the following key to the file:

Key name

Value

Description

OrganizationID

%OrganizationID%

Specify the organization ID that you copied from Control Hub for the collaboration restrictions.

To set up collaboration restrictions on Android and iOS mobile devices, you have to configure the organization ID using the Mobile Device Management AppConfig service.

This feature works only for mobile devices that use the Webex Meetings app on version 41.7 and later.

Configuration key

Value type

Description

OrganizationID

String

Specify the organization ID that you copied from Control Hub for the collaboration restrictions.

To have your organization's policies apply to users who join from Google Chrome, you must add the Webex Meetings Policy plugin downloaded from the Chrome Web Store and then add a rule for your organization to the policy.

Users who are restricted from joining certain meetings see the following message when they try to join a restricted meeting through Google Chrome.

  1. Open Google Chrome's IT admin page at https://admin.google.com.

  2. Add the Webex Meetings Policy plugin extension by going to Chrome > Apps & extensions > Users & browsers > Add Chrome app or extension by ID.

  3. Add the following extension by ID: denhmfenjcamjiamkogegcjieeiahjgp.

  4. Add the following rule to the policy (using your own organization ID):

    {

    "orgID": {

    "Value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    }

    }

  5. Right-click the tab and select Force install.

Configure using a group policy template

You can use group policies to install the Webex Meetings policy extension.

Before you begin ensure that you’ve imported the ADM or ADMX templates for Google Chrome.

  1. In the Group Policy Editor, go to Computer configuration > Policies > Administrative Templates > Google Chrome > Extensions.

  2. Select 'Configure the list of force-installed app and extensions'.

  3. Right-click, and select Edit.

  4. Select Enabled.

  5. Click Show.

  6. Enter the following ID under 'Extension/App IDs and update URLs to be silently installed'.

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx
  7. Click Apply.

It may take time for Chrome to load the configuration. You can restart Google Chrome or reload the policies by entering chrome://policy/ in the address bar.

Webex meetings policy extension Chrome

Configure the organization ID with the registry key using a group policy

You can use Microsoft Group Policy to install the Webex Meetings Policy extension on to Google Chrome and configure the organization ID.

  1. In the Group Policy Management Editor, create a new Group Policy Object (GPO).

    You can also edit an existing GPO.

  2. Link the GPO to the organization containing your users or devices, and switch to GPO Edit mode.

  3. Go to Computer Configuration > Preferences > Windows Settings > Registry.

  4. Right-click on Registry and select New > Registry Item.

  5. In the New Registry Properties window, select the General tab.

  6. Under Action, select Create.
  7. Enter the following details:

    • HiveHKEY_LOCAL_MACHINE

    • Key PathSOFTWARE\Policies\Google\Chrome\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy

    • Value nameorgID

    • Value typeREG_SZ

    • Value data—The organization ID provided by Cisco.

  8. Click Apply.

    Configure org ID with registry key via group policy Chrome

You must install and configure the Webex Meetings policy extension on Chrome browsers. This configuration applies your organization's meeting restrictions policy to users who join meetings using Chrome on MacOS computers. The details you need are:

  • Extension ID: This is the same for everybody: denhmfenjcamjiamkogegcjieeiahjgp
  • Your organization ID: Unique to your Webex organization. You can copy this ID from Control Hub, on the Management > Account page.

Using Google Admin console

Describes how to force install the Webex Meetings extension with Google Admin console and configure it with your organization ID.

  1. Sign in to your Google Admin console at https://admin.google.com.

  2. Go to Chrome > Apps & extensions > Users & browsers > Add Chrome app or extension by ID.

  3. Add the following extension by ID: denhmfenjcamjiamkogegcjieeiahjgp.

  4. Add the following rule to the policy (using your own organization ID):

    {

    "orgID": {

    "Value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    }

    }

  5. Right-click the tab and select Force install.

Setting MacOS preference

Describes how to force install the Webex Meetings extension using Chrome's

ExtensionInstallForcelist
preference on MacOS, and then configure the extension with your organization ID.

  1. Read the topic ExtensionInstallForcelist at Google's Chrome Enterprise policy documentation.
  2. Use your Mobile Device Management software to update the

    ExtensionInstallForcelist
    preference.

    • Add the following extension ID: denhmfenjcamjiamkogegcjieeiahjgp and

    • Add the update URL for the extension: https://clients2.google.com/service/update2/crx

    You should end up with a new string in the array that defines the extension force install list:

    
               <array>
                <string>denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx</string>
                <string>other-extension-id;other-extension-update-URL</string>
                <string>another-extension-id;another-extension-update-URL</string>
               </array>
              

  3. Deploy the modified configuration profile to your MacOS computers.

    Webex policy extension for Chrome

  4. Verify that the extension is installed on the Mac.

Create a configuration profile

Describes how to configure your organization ID for the Webex policy extension.

  1. Create a property list file com.google.Chrome.extensions.denhmfenjcamjiamkogegcjieeiahjgp.plist with your organization ID using the following value:

    
                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                <plist version="1.0">
                 <dict>
                  <key>orgID</key>
                  <string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
                 </dict>
                </plist>
              

  2. Deploy the modified configuration profile to your MacOS computers.

  3. Verify that your Meetings policy applies when a user on a managed MacOS computer uses Chrome to join a meeting.

    Organization ID for Webex policy extension

You can apply collaboration restrictions to your organization for users who join from Microsoft Edge. You can use the Google Chrome browser extension on Microsoft Edge as well.

Before you begin ensure that your device is enrolled for mobile device management (MDM).

Create a new configuration profile

  1. Sign in to the Microsoft admin page, and go to Devices > Configuration profiles > Create profile.

  2. Select the following properties:

    • Platform—Windows 10 or later.

    • Profile type—Templates.

  3. Click Create.

  4. Under Basics, select a name and description for your organization's policy.

  5. Click Next.

  6. Under Configuration settings > Computer Configuration, search for ‘Control which extensions are installed silently’ and select it.

  7. Select Enabled and enter the following ID under 'Extension/App IDs and update URLs to be silently installed':

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Ddenhmfenjcamjiamkogegcjieeiahjgp%26uc
              

  8. Click Next.

  9. (Optional) Under Scope tags, you can assign scope tags to the profile.

  10. Under Assignments, select 'Add all users' and 'Add all devices'.

  11. Click Next.

  12. Under Review + create, review your settings and click Create.

Sync your managed device

  1. On your managed device, go to Settings > Accounts > Access work or school.

  2. Under 'Connected to MSFT MDM', click Info.

  3. Scroll to 'Device sync status' and click Sync.

    The Google Chrome extension is installed once the sync is complete. You can verify the sync by checking the Registry Editor in the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist

    The extension is also available in Microsoft Edge at edge://extensions.

Configure using registry key

To configure the policy for a specific organization ID, the Chrome extension reads a policy that is set in the registry. You can manually import a registry key by creating a .reg file.

  1. Open the Registry Editor.

  2. Create a .reg file with the following value:

    Windows Registry Editor Version 5.00
                
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy]
    "orgID"="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
              

  3. Double-click the file to install the registry key.

    You can also use PowerShell to install the registry key. Use the following value:

    reg import .\edge_policy.reg

Verify your organization ID

  1. Restart Microsoft Edge and go to web.webex.com.

  2. Open the developer console and enter webex.config.meetings.installedOrgID.

    The organization ID from the .reg file is shown.

Configure using a group policy template

You can use group policies to install the Webex Meetings policy extension.

Before you begin ensure that you’ve imported the Microsoft Edge administrative templates.

  1. In the Group Policy Editor, go to Administrative Templates > Microsoft Edge > Extensions.

  2. Select 'Control which extensions are installed silently'.
  3. Select Enabled.

  4. Click Show.

  5. Enter the following ID under 'Extension/App IDs and update URLs to be silently installed'.

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx
  6. Click Apply.

Configure organization ID with registry key using group policy

You can use Microsoft Group Policy to install the Webex Meetings Policy extension on to Microsoft Edge and configure the organization ID.

  1. In the Group Policy Management Editor, create a new Group Policy Object (GPO).

    You can also edit an existing GPO.

  2. Link the GPO to the organization containing your users or devices, and switch to GPO Edit mode.

  3. Go to Computer Configuration > Preferences > Windows Settings > Registry.

  4. Right-click on Registry and select New > Registry Item.

  5. In the New Registry Properties window, select the General tab.

  6. Under Action, select Create.
  7. Enter the following details:

    • HiveHKEY_LOCAL_MACHINE

    • Key PathSOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy

    • Value nameorgID

    • Value typeREG_SZ

    • Value data—The organization ID provided by Cisco.

  8. Click Apply.

Known issues

Known issues for Webex Assistant for Meetings

If a meeting has Closed Captioning and Webex Assistant enabled, users with those two features disabled can't turn both of them off during the meeting if they're given the host role.

Known issues for Webex devices

  • Users on Mac devices can grab the presenter role from users on Webex devices even if the Take presenter feature have been disabled.
  • Users with the Annotation feature disabled will still see annotations when they use Webex devices to join meetings.
  • Collaboration restrictions are not applicable for Webex Devices (personal and shared) on Webex Meetings. This means, if the admin disables certain features, the user can still use those features on Webex Devices. For example, if sharing is disabled, the user (host or participant) can still share regardless of the meeting policy or Webex Device used.

Known issues with older client versions

We recommend that you upgrade the Webex Meetings client to the last version (WBS 42.7 or above) or at least to the latest lockdown version (WBS42.6) so users get the best experience with collaboration features. If users are on an older client version (such as WBS 42.3 or lower), some collaboration features may not be available or may work incorrectly.

Known issues with restricting Annotation and File and whiteboarding sharing features

When Annotation is restricted, but File and whiteboarding sharing isn't, users can still see annotations if the presenter shares a whiteboard and starts annotating.

Restrict collaboration features for Windows, Mac, Linux, Android, and iOS devices, and Chrome and Edge web browsers

If you want to restrict these collaboration settings devices in your organization, you can edit the system files so that those settings apply to anyone who uses the device to join a meeting outside your organization.

To do this, you have to first find and copy your organization ID in Control Hub. After getting the organization ID, follow the steps to the devices you want to edit.

Make sure to lock the organization ID in the registry so users can't change it themselves. If users change the organization ID, then the collaboration restrictions won't apply to their devices.

To ensure security, we recommend applying restrictions to your browsers and all your devices.

1

Sign in to Control Hub, and go to Management > Account.

2

Click the Copy icon in the Organization ID field.

You can choose from these options to set up collaboration feature restrictions for Windows devices:

Configure using registry keys

You can manually edit specific devices by adding the organization ID to one of these registry values:

  1. Open the Registry Editor.

  2. Add the organization ID to one of the following registry values:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Spark Native\OrganizationID

For meetings on the Webex Suite meeting platform, you can set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\AllowOrganizationIDInHKCU with Value as 1 and Type as DWORD32, and apply the organization ID to one of these registry values:

  • HKEY_CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID

  • HKEY_ CURRENT_USER\SOFTWARE\Cisco Spark Native\OrganizationID

Configure using a Group Policy template

You can import a Group Policy administrative template .adm or .admx file to apply the organization ID to the same registry values as above.

Import an .adm file:

  1. Download the group policy administrative template and add it to the group policy management tool.
  2. In the group policy management tool, click either:

    • Computer Configuration to apply the organization ID to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID

    • User Configuration to apply the organization to HKEY_ CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID

  3. In the navigation panel, click Administrative Templates > Classic Administrative Templates (ADM) > Cisco WebEx Meetings > Cisco WebEx Meetings General Settings.

  4. Double-click Configure Organization ID in Cisco Webex.

  5. Click Enabled, add your organization ID in the Options box, and then click Apply.

Import an .admx file:

  1. Download the group policy administrative template and add it to the PolicyDefinitions folder.
  2. In the group policy management tool, click either:

    • Computer Configuration to apply the organization ID to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID

    • User Configuration to apply the organization to HKEY_ CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID

  3. In the navigation panel, click Administrative Templates > Cisco WebEx Meetings > Cisco WebEx Meetings General Settings.

  4. Double-click Configure Organization ID in Cisco Webex.

  5. Click Enabled, add your organization ID in the Options box, and then click Apply.

Configure using an MSI installation

You can run the following command to install webexapp.msi with the ORGID parameter to configure the organization ID to this registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Spark Native\OrganizationID.

For example:

msiexec /i c:\work\Webex.msi ACCEPT_EULA=TRUE EMAIL=xxxx@example.com ORGID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Configure using a priority order

You can set the priority order from high to low.

You can set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\AllowOrganizationIDInHKCU with Value as 1 and Type as DWORD32.

The organization ID is retrieved with the following sequence with high to low priority:

  • HKEY_CURRENT_USER\SOFTWARE\Policies\CiscoWebex\OrganizationID (configured manually or through group policy template)
  • HKEY_CURRENT_USER\SOFTWARE\Cisco Spark Native\OrganizationID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CiscoWebex\OrganizationID (configured manually or through group policy template)
  • HKEY_LOCAL_MACHIN\SOFTWARE\Cisco Spark Native\OrganizationID (configured through MSI installation)

Configure using mobile device management (MDM)

We recommend following the Webex App MDM Deployment procedure to add the organization ID to the preference domain Cisco-Systems.Spark.

To set up collaboration restrictions for the Webex Suite meeting platform on Linux devices, create a .json file named managedConfig.json and add the following key to the file:

Key name

Location

File content

OrganizationID

/etc/cisco-webex/managedConfig.json

managedConfig.json

{

"organization-id": "xxxxxxxx"

}

To have your organization's policies apply to users who join from Google Chrome, you must add the Webex Meetings Policy plugin downloaded from the Chrome Web Store and then add a rule for your organization to the policy.

Users who are restricted from joining certain meetings see the following message when they try to join a restricted meeting through Google Chrome.

  1. Open Google Chrome's IT admin page at https://admin.google.com.

  2. Add the Webex Meetings Policy plugin extension by going to Chrome > Apps & extensions > Users & browsers > Add Chrome app or extension by ID.

  3. Add the following extension by ID: denhmfenjcamjiamkogegcjieeiahjgp.

  4. Add the following rule to the policy (using your own organization ID):

    {

    "orgID": {

    "Value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    }

    }

  5. Right-click the tab and select Force install.

Configure using a group policy template

You can use group policies to install the Webex Meetings policy extension.

Before you begin ensure that you’ve imported the ADM or ADMX templates for Google Chrome.

  1. In the Group Policy Editor, go to Computer configuration > Policies > Administrative Templates > Google Chrome > Extensions.

  2. Select 'Configure the list of force-installed app and extensions'.

  3. Right-click, and select Edit.

  4. Select Enabled.

  5. Click Show.

  6. Enter the following ID under 'Extension/App IDs and update URLs to be silently installed'.

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx
  7. Click Apply.

It may take time for Chrome to load the configuration. You can restart Google Chrome or reload the policies by entering chrome://policy/ in the address bar.

Webex meetings policy extension Chrome

Configure the organization ID with the registry key using a group policy

You can use Microsoft Group Policy to install the Webex Meetings Policy extension on to Google Chrome and configure the organization ID.

  1. In the Group Policy Management Editor, create a new Group Policy Object (GPO).

    You can also edit an existing GPO.

  2. Link the GPO to the organization containing your users or devices, and switch to GPO Edit mode.

  3. Go to Computer Configuration > Preferences > Windows Settings > Registry.

  4. Right-click on Registry and select New > Registry Item.

  5. In the New Registry Properties window, select the General tab.

  6. Under Action, select Create.
  7. Enter the following details:

    • HiveHKEY_LOCAL_MACHINE

    • Key PathSOFTWARE\Policies\Google\Chrome\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy

    • Value nameorgID

    • Value typeREG_SZ

    • Value data—The organization ID provided by Cisco.

  8. Click Apply.

    Configure org ID with registry key via group policy Chrome

You must install and configure the Webex Meetings policy extension on Chrome browsers. This configuration applies your organization's meeting restrictions policy to users who join meetings using Chrome on MacOS computers. The details you need are:

  • Extension ID: This is the same for everybody: denhmfenjcamjiamkogegcjieeiahjgp
  • Your organization ID: Unique to your Webex organization. You can copy this ID from Control Hub, on the Management > Account page.

Using Google Admin console

Describes how to force install the Webex Meetings extension with Google Admin console and configure it with your organization ID.

  1. Sign in to your Google Admin console at https://admin.google.com.

  2. Go to Chrome > Apps & extensions > Users & browsers > Add Chrome app or extension by ID.

  3. Add the following extension by ID: denhmfenjcamjiamkogegcjieeiahjgp.

  4. Add the following rule to the policy (using your own organization ID):

    {

    "orgID": {

    "Value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    }

    }

  5. Right-click the tab and select Force install.

Setting MacOS preference

Describes how to force install the Webex Meetings extension using Chrome's

ExtensionInstallForcelist
preference on MacOS, and then configure the extension with your organization ID.

  1. Read the topic ExtensionInstallForcelist at Google's Chrome Enterprise policy documentation.
  2. Use your Mobile Device Management software to update the

    ExtensionInstallForcelist
    preference.

    • Add the following extension ID: denhmfenjcamjiamkogegcjieeiahjgp and

    • Add the update URL for the extension: https://clients2.google.com/service/update2/crx

    You should end up with a new string in the array that defines the extension force install list:

    
               <array>
                <string>denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx</string>
                <string>other-extension-id;other-extension-update-URL</string>
                <string>another-extension-id;another-extension-update-URL</string>
               </array>
              

  3. Deploy the modified configuration profile to your MacOS computers.

    Webex policy extension for Chrome

  4. Verify that the extension is installed on the Mac.

Create a configuration profile

Describes how to configure your organization ID for the Webex policy extension.

  1. Create a property list file com.google.Chrome.extensions.denhmfenjcamjiamkogegcjieeiahjgp.plist with your organization ID using the following value:

    
                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                <plist version="1.0">
                 <dict>
                  <key>orgID</key>
                  <string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
                 </dict>
                </plist>
              

  2. Deploy the modified configuration profile to your MacOS computers.

  3. Verify that your Meetings policy applies when a user on a managed MacOS computer uses Chrome to join a meeting.

    Organization ID for Webex policy extension

You can apply collaboration restrictions to your organization for users who join from Microsoft Edge. You can use the Google Chrome browser extension on Microsoft Edge as well.

Before you begin ensure that your device is enrolled for mobile device management (MDM).

Create a new configuration profile

  1. Sign in to the Microsoft admin page, and go to Devices > Configuration profiles > Create profile.

  2. Select the following properties:

    • Platform—Windows 10 or later.

    • Profile type—Templates.

  3. Click Create.

  4. Under Basics, select a name and description for your organization's policy.

  5. Click Next.

  6. Under Configuration settings > Computer Configuration, search for ‘Control which extensions are installed silently’ and select it.

  7. Select Enabled and enter the following ID under 'Extension/App IDs and update URLs to be silently installed':

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Ddenhmfenjcamjiamkogegcjieeiahjgp%26uc
              

  8. Click Next.

  9. (Optional) Under Scope tags, you can assign scope tags to the profile.

  10. Under Assignments, select 'Add all users' and 'Add all devices'.

  11. Click Next.

  12. Under Review + create, review your settings and click Create.

Sync your managed device

  1. On your managed device, go to Settings > Accounts > Access work or school.

  2. Under 'Connected to MSFT MDM', click Info.

  3. Scroll to 'Device sync status' and click Sync.

    The Google Chrome extension is installed once the sync is complete. You can verify the sync by checking the Registry Editor in the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist

    The extension is also available in Microsoft Edge at edge://extensions.

Configure using registry key

To configure the policy for a specific organization ID, the Chrome extension reads a policy that is set in the registry. You can manually import a registry key by creating a .reg file.

  1. Open the Registry Editor.

  2. Create a .reg file with the following value:

    Windows Registry Editor Version 5.00
                
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy]
    "orgID"="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
              

  3. Double-click the file to install the registry key.

    You can also use PowerShell to install the registry key. Use the following value:

    reg import .\edge_policy.reg

Verify your organization ID

  1. Restart Microsoft Edge and go to web.webex.com.

  2. Open the developer console and enter webex.config.meetings.installedOrgID.

    The organization ID from the .reg file is shown.

Configure using a group policy template

You can use group policies to install the Webex Meetings policy extension.

Before you begin ensure that you’ve imported the Microsoft Edge administrative templates.

  1. In the Group Policy Editor, go to Administrative Templates > Microsoft Edge > Extensions.

  2. Select 'Control which extensions are installed silently'.
  3. Select Enabled.

  4. Click Show.

  5. Enter the following ID under 'Extension/App IDs and update URLs to be silently installed'.

    denhmfenjcamjiamkogegcjieeiahjgp;https://clients2.google.com/service/update2/crx
  6. Click Apply.

Configure organization ID with registry key using group policy

You can use Microsoft Group Policy to install the Webex Meetings Policy extension on to Microsoft Edge and configure the organization ID.

  1. In the Group Policy Management Editor, create a new Group Policy Object (GPO).

    You can also edit an existing GPO.

  2. Link the GPO to the organization containing your users or devices, and switch to GPO Edit mode.

  3. Go to Computer Configuration > Preferences > Windows Settings > Registry.

  4. Right-click on Registry and select New > Registry Item.

  5. In the New Registry Properties window, select the General tab.

  6. Under Action, select Create.
  7. Enter the following details:

    • HiveHKEY_LOCAL_MACHINE

    • Key PathSOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\denhmfenjcamjiamkogegcjieeiahjgp\policy

    • Value nameorgID

    • Value typeREG_SZ

    • Value data—The organization ID provided by Cisco.

  8. Click Apply.

Known issues

Known issues for Webex App

  • When applying collaboration restrictions, it may take up to 30 minutes for new policies to be applied for meetings on the Webex Suite meeting platform.
  • When a user pairs with a personal mode device, cloud recording policies for the user are applied to their personal device. But when a user is paired with a shared room device, cloud recording policies are determined by the meeting policy, and not the user policy. This is applicable for meetings on the Webex Suite meeting platform.
  • When using the Webex Suite meeting platform, if a Windows, Mac, or iOS user isn’t allowed to join a meeting, the user is asked to switch their account. By clicking Switch Account, the Webex App restarts and the user is taken back to the sign-in page. But, for Android users, clicking Switch Account doesn’t restart the Webex App instead, it closes the application.
  • When using meetings on the Webex Suite meeting platform, the meeting policy for Grab Presenter only applies if the user is the host.
  • When launching the Webex App through Safari or Firefox, if Video or VoIP is disabled, the user can still send or receive Video and VoIP.

Known issues for Webex devices

When administrators disable Whiteboards, Closed Captioning, or Recordings, these features are blocked on devices, but the error message doesn’t show the reason for the block for Webex App meetings on the Webex Suite meeting platform.

  • Features are blocked based on the user policy for personal mode devices.
  • Features are blocked based on the meeting policy for shared mode devices.

Known issues with older client versions

We recommend that you upgrade the Webex App for the Webex Suite meeting platform to the client version WBS 43.6 or above, so users get the best experience with collaboration features. If users are on an older client version, then some collaboration features may not be available or may work incorrectly.