Intune Suite Part 1: Easy start with Remote Help

Welcome to my Intune Suite series. In this series I will go over the features that are part of the Intune suite piece by piece. We will start with remote help. Every good device management tool has a remote support solution. To meet this use case microsoft has introduced remote help. In this post I want to show you how to implement and use this tool.

What is remote help

Remote Help is a cloud-based solution that provides secure help desk connections with access controls based on users’ RBAC roles. Intune role-based access controls (RBAC) are used to determine the level of access a supporter is allowed. This allows your support staff to remotely connect to the user’s device and view the device’s display. With the device user’s permission, support staff can also take full control of the device, allowing them to make configurations or perform actions directly.

This feature is available for Windows 10/11 users. Both supporter and user are authenticated through Azure Active Directory (Azure AD), which sets up the appropriate trust for remote help sessions.

The Remote Help app can be installed on devices that are registered with Intune as well as devices that are not. In addition, the app can be deployed to your managed devices through Intune.

Remote help vs. Quick assist

	Quick Assist	Remote Help
Installation	Build-in in Windows	Needs to be installed or distributed via Intune (works also on unmanged devices)
Price	Free	Needs an premium Add-On License
Security	Only connection code	– permissions RBAC and based on department and geography – authentication thought AAD – connection code – compliance policy check
UAC	Not visible	Visible for the supporter
Reporting	No	Insights into helper effectiveness, endpoint health, helps identify suspicious activity, data about session duration, devices, and participants can help surface trends or help with investigating anomalies.
Integration	No	Integrated in Intune
Platform	Windows	Windows + Android

Prerequisites

Windows 10 or 11 devices
Intune Remote Help License: You have to assign the license to the user and the supporter
RBAC Permissions for Remote Help Solution
Network prerequisites: Remote Help communicates over port 443 (https) and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com by using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2. In addition the following urls are needed:

Domain/Name	Description
*.aria.microsoft.com	Used for accessibility features within the app
*.events.data.microsoft.com	Microsoft Telemetry Service
*.monitor.azure.com	Required for telemetry and remote service initialization
*.support.services.microsoft.com	Primary endpoint used for the Remote Help application
*.trouter.skype.com	Used for Azure Communication Service for chat and connection between parties
*.aadcdn.msauth.net	Required for logging in to the application (AAD)
*.aadcdn.msftauth.net	Required for logging in to the application (AAD)
*.edge.skype.com	Used for Azure Communication Service for chat and connection between parties
*.graph.microsoft.com	Used for connecting to the Microsoft Graph service
*.login.microsoftonline.com	Required for Microsoft login service. Might not be available in preview in all markets or for all localizations
*.remoteassistanceprodacs.communication.azure.com	Used for Azure Communication Service for chat and connection between parties

How to install the remote help app

The best way to distribute the remote help app is via a win32 app as intunewin file. How you can create such a file is explained in this blog post. For the installation command you can use the following command remotehelpinstaller.exe /quiet acceptTerms=1 and for the deinstallation you can use remotehelpinstaller.exe /uninstall /quiet acceptTerms=1.
Here I will show you how you can install the remote help manual:

Download the latest version of Remote Help direct from Microsoft at aka.ms/downloadremotehelp.
Execute the Remotehelpinstaller…..exe (Admin permissions are needed)
Accept the License Terms and click Install

Wait until the installation is done

Click Launch

As an other way you can also open a cmd as admin and navigate to the path and run the following command: remotehelpinstaller.exe /quiet acceptTerms=1 (It could be that the .exe name is different and you have to adapt the name in the command)

How to activate remote help in intune

Open the Intune Portal
Navigate to Tenant administration -> Remote Help
Select Settings -> Configure
Enable Remote Help and click Save

Navigate to Tenant administration -> Roles -> Help Desk Operator
Select Assignments -> Assign

Enter an name and click Next

Select a group for administrate the assignments
Click Next

Select the group/s who should get the role
Click Next -> Next -> Create

How to start a connection

The firsts steps are similar for the user and the admin

Open remote help via the start menu
Click Sign in

Click Accept

As supporter select Get a security code below of Give help

Remote help generates and security code that you have to share with the user who need the support.

The user can insert this security code in the Security code for assistant column
Click Submit

As supporter select full control to take control or view screen to only get view permissions

As user you have to allow the connection

A other way to launch remote help for the supporter:

Open the Intune console and navigate to the device
Select New remote assistance session

How to use remote help

When a session is established you have multiple actions in the top bar. In the picture you can see the purpose of the different buttons. In addition you also have the user mode on the to to see if you have admin or user permission.