Zoom Reports Connector (via Codeless Connector Framework)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | ZoomReportsConnector |
| Publisher | Microsoft |
| Used in Solutions | ZoomReports |
| Collection Method | CCF |
| Connector Definition Files | ConnectorDefinition.json |
| CCF Configuration | PollingConfig.json |
| CCF Capabilities | JwtToken, Paging |
The Zoom Reports data connector enables you to ingest Zoom Reports data into Microsoft Sentinel through the Zoom REST API v2, allowing you to monitor and audit Zoom usage across your organization. This connector uses server-to-server OAuth account credentials for authentication and supports ingestion of multiple report types including Daily Usage Reports for meeting statistics and usage metrics, User Reports for active/inactive user host information, Telephony Reports for telephony usage statistics, Cloud Recording Usage Reports for cloud storage and recording usage, Operation Logs for administrative operations and audit trail, and Activity Logs for user sign-in/sign-out activities. Each report type is collected in a separate polling configuration with automatic pagination support using NextPageToken. The data connector is built on Microsoft Sentinel Codeless Connector Platform and supports DCR-based ingestion time transformations for optimized query performance.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ZoomV2_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): Read and Write permissions are required.
Custom Permissions: - Zoom API access: Access to Zoom REST API v2 with account credentials
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Zoom Configuration
Configure Server-to-Server OAuth App and gather credentials
Step 1: Set up Zoom Server-to-Server OAuth App, follow Create an app.
Please make sure to add Reports related scopes to your app:
-
report:read:list_users:admin
-
report:read:cloud_recording:admin
-
report:read:daily_usage:admin
-
report:read:operation_logs:admin
-
report:read:telephone:admin
-
report:read:user_activities:admin
For more information, see Zoom Server-to-Server OAuth Documentation and Reports APIs.
Step 2: Get Your App Credentials
Find your app credentials (Account ID, Client ID and Client Secret) on your Personal app management page on the Zoom App Marketplace
Security Notes
-
Store Account ID, Client ID and Client Secret securely
-
Regularly rotate credentials for enhanced security
- Client ID: Zoom App Client ID
- Client Secret: (password field)
- Account ID: Your Zoom Account ID
- Token Base URL: https://zoom.us/oauth/token
- API Base URL: https://api.zoom.us/v2
2. Connect
Enable the Zoom Reports connector
Activate the Connector
Review your Zoom App credentials found in Step 2, then enable the connector to begin collecting Zoom Reports data.
Monitoring
Check data arrival using these queries:
Check all report types:
ZoomV2_CL
| where TimeGenerated > ago(30m)
| summarize Records = count() by EventType
Check specific report type:
ZoomV2_CL
| where EventType == 'dates'
| where TimeGenerated > ago(1h)
| limit 10
Monitor connector health:
ZoomV2_CL
| where TimeGenerated > ago(24h)
| summarize LastRecord = max(TimeGenerated), RecordCount = count() by EventType
| order by LastRecord desc
- Click 'Connect' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊