Using QoS DSCP Marking

Quality of Service (QoS) DSCP Marking determines traffic classification for network data. This can be used to determine which network traffic requires higher bandwidth, has a higher priority, and is more likely to drop packets.

The default Zoom DSCP marking values are 56 for audio, 40 for video, and 40 for screen sharing. You can update audio and video values to allow a network administrator to adjust the priority for Zoom traffic on their network.

If your organization deploys Zoom through an MSI installation, the MSI must be re-deployed after configuring the DSCP markings. If the DSCP markings are ever changed, the MSI will need to be re-deployed.

Note: DSCP markings only apply to Zoom meetings. Zoom Phone only uses application-layer QoS.

This article covers:

• How to enable DSCP in Zoom
• How to set DSCP Marking through Group Policy

Prerequisites for using QoS DSCP Marking

• Zoom desktop client for macOS, IT Admin deployment (.pkg). 
• Zoom desktop client for Windows, IT Admin deployment (msi)

Note: If Zoom is deployed through the .msi installation, it will need to be run as administrator for the DSCP Marking to take effect. However, if you are using Group Policy to manage DSCP Marking, the client does not have to run with administrator privileges.  

How to enable DSCP in Zoom

To enable DSCP marking for all users in the account:

1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
2. In the navigation panel, click Account Management then Account Settings.
3. Click the Meeting tab.
4. Under In Meeting (Advanced), verify that DSCP marking is enabled.
5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
6. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon , and then click Lock to confirm the setting.
7. Update and enter Audio and Video values.
8. Click Save.
   Note: These settings do not take effect with Windows clients installed using the EXE file. Windows clients must be installed using the MSI file (download Zoom client for IT admin). See mass deployment for Windows for more details.

How to set DSCP Marking through Group Policy

Due to changes by Microsoft, for the Windows client to be able to utilize DSCP Marking, the client must be run as administrator. However, the Windows client can be tracked by Group Policy QoS policies as an alternative method if the app is not running with administrative privileges. 

To set DSCP Marking through Group Policy:

1. Deploy the Zoom MSI client with Independent Data Ports enabled either by
   • Adding the variable to the installation string, EnableIndependentDataPort=1.
   • Adding the variable to the Group Policy Object for the Zoom app, “EnableIndependentDataPort”=dword:00000001.
     Note: For more information on deploying the Zoom client with this variable enabled, visit Mass Installation and Configuration for Windows.
2. Open Group Policy Management Console (GPMC) and edit your desired Group Policy Object (GPO).
3. Click Create new policy....
4. Name the policy.
5. Ensure that the Specify DSCP Value check box is selected, then set the desired DSCP value for Zoom traffic.
6. Click Next.
7. Under Only applications with this executable name, set the executable name to Zoom.exe.
8. Click Next.
9. Leave the default IP address settings and click Next.
10. Set the protocol to TCP and UDP.
11. Leave the default port settings and click Finish.
12. Deploy the new Group Policy and reboot the devices it is applied to.
    Once the Zoom Windows client is in a meeting, ensure that you see marked packets, which are being sent from the client to the Zoom meeting server.