I will bring up with 2 security features by a scenario.
Company A invites external user B to a lifesize cloud Virtual Room, the VR link is https://call.lifesizecloud.com/extension/****** (****** are actual extension number).
And set passcode to VR as well.
Feature 1. B got the invitation to this VR meeting, and remember the VR link and passcode. B could dial in as many time as he wants, even no on invites him. What's worse, B will use this VR link as a call bridge in their company as long as the passcode unchanged.
So the VR link pattern should be more secure, maybe with token added at the end of link, so that it could avoid external to make use of the resources.
Feature 2. Passcode to VR needs to be modified frequently on VR owner side, a forced warning to owner is necessary or a feature to force all VR owners to change the passcode.
So for Admins, it would be better that Admin could monitor all status about VRs, such as which VRs hasn't changed passcode, when is the last time passcode changed, etc and Admin could force all VRs to change passcode.
Feature 3. VR name template.
VR list will go wild and out of control since everyone could create unlimited VRs. and the names of VRs will be painful for all Admin and standard users if there is no naming convention when user create a VR. so its better idea to make a template or format on naming a VR.