Welcome to my Intune Suite series. In this series I will go over the features that are part of the Intune suite piece by piece. We will start with remote help. Every good device management tool has a remote support solution. To meet this use case microsoft has introduced remote help. In this post I want to show you how to implement and use this tool.
What is remote help
Remote Help is a cloud-based solution that provides secure help desk connections with access controls based on users’ RBAC roles. Intune role-based access controls (RBAC) are used to determine the level of access a supporter is allowed. This allows your support staff to remotely connect to the user’s device and view the device’s display. With the device user’s permission, support staff can also take full control of the device, allowing them to make configurations or perform actions directly.
This feature is available for Windows 10/11 users. Both supporter and user are authenticated through Azure Active Directory (Azure AD), which sets up the appropriate trust for remote help sessions.
The Remote Help app can be installed on devices that are registered with Intune as well as devices that are not. In addition, the app can be deployed to your managed devices through Intune.
Remote help vs. Quick assist
| Quick Assist | Remote Help | |
| Installation | Build-in in Windows | Needs to be installed or distributed via Intune (works also on unmanged devices) |
| Price | Free | Needs an premium Add-On License |
| Security | Only connection code | – permissions RBAC and based on department and geography – authentication thought AAD – connection code – compliance policy check |
| UAC | Not visible | Visible for the supporter |
| Reporting | No | Insights into helper effectiveness, endpoint health, helps identify suspicious activity, data about session duration, devices, and participants can help surface trends or help with investigating anomalies. |
| Integration | No | Integrated in Intune |
| Platform | Windows | Windows + Android |
Prerequisites
- Windows 10 or 11 devices
- Intune Remote Help License: You have to assign the license to the user and the supporter
- RBAC Permissions for Remote Help Solution
- Network prerequisites: Remote Help communicates over port 443 (https) and connects to the Remote Assistance Service at
https://remoteassistance.support.services.microsoft.comby using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2. In addition the following urls are needed:
| Domain/Name | Description |
|---|---|
| *.aria.microsoft.com | Used for accessibility features within the app |
| *.events.data.microsoft.com | Microsoft Telemetry Service |
| *.monitor.azure.com | Required for telemetry and remote service initialization |
| *.support.services.microsoft.com | Primary endpoint used for the Remote Help application |
| *.trouter.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.aadcdn.msauth.net | Required for logging in to the application (AAD) |
| *.aadcdn.msftauth.net | Required for logging in to the application (AAD) |
| *.edge.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.graph.microsoft.com | Used for connecting to the Microsoft Graph service |
| *.login.microsoftonline.com | Required for Microsoft login service. Might not be available in preview in all markets or for all localizations |
| *.remoteassistanceprodacs.communication.azure.com | Used for Azure Communication Service for chat and connection between parties |
How to install the remote help app
The best way to distribute the remote help app is via a win32 app as intunewin file. How you can create such a file is explained in this blog post. For the installation command you can use the following command remotehelpinstaller.exe /quiet acceptTerms=1 and for the deinstallation you can use remotehelpinstaller.exe /uninstall /quiet acceptTerms=1.
Here I will show you how you can install the remote help manual:
- Download the latest version of Remote Help direct from Microsoft at aka.ms/downloadremotehelp.
- Execute the Remotehelpinstaller…..exe (Admin permissions are needed)
- Accept the License Terms and click Install
- Wait until the installation is done
- Click Launch
As an other way you can also open a cmd as admin and navigate to the path and run the following command: remotehelpinstaller.exe /quiet acceptTerms=1 (It could be that the .exe name is different and you have to adapt the name in the command)
How to activate remote help in intune
- Open the Intune Portal
- Navigate to Tenant administration -> Remote Help
- Select Settings -> Configure
- Enable Remote Help and click Save
- Navigate to Tenant administration -> Roles -> Help Desk Operator
- Select Assignments -> Assign
- Enter an name and click Next
- Select a group for administrate the assignments
- Click Next
- Select the group/s who should get the role
- Click Next -> Next -> Create
How to start a connection
The firsts steps are similar for the user and the admin
- Open remote help via the start menu
- Click Sign in
- Click Accept
- As supporter select Get a security code below of Give help
- Remote help generates and security code that you have to share with the user who need the support.
- The user can insert this security code in the Security code for assistant column
- Click Submit
- As supporter select full control to take control or view screen to only get view permissions
- As user you have to allow the connection
A other way to launch remote help for the supporter:
- Open the Intune console and navigate to the device
- Select New remote assistance session
How to use remote help
When a session is established you have multiple actions in the top bar. In the picture you can see the purpose of the different buttons. In addition you also have the user mode on the to to see if you have admin or user permission.
More informations
When the device is not compliant you get a information about this state.
- In Tenant Administration -> Remote Help you find an reporting of the total sessions and active seassions
Modern Device Management 