Quick Assist is a tool in Windows 10 1607 and later that replaces Remote Assistance. It allows you to control a user's computer remotely using a Microsoft account. In this post, you will learn how to use and block or remove Quick Assist.

In short, on the machine that is to get remote help with Quick Assist, the user enters the six-digit code that the person offering remote control tells them over the phone, for instance. Then the remote-control session starts.

I recently presented on how to customize Windows 10 at events like the Midwest Management Summit (MMS) in Minneapolis, Techdays Sweden, and Techorama in Belgium. One thing that strikes me every time I explain how to block or remove Quick Assist in Windows 10 is that many people have never heard of Quick Assist. There also isn't much documentation available.

How to use Quick Assist

Launch Quick Assist on the machine you want to offer remote control from.

Starting Quick Assist

Starting Quick Assist

Select Give assistance and sign in using a Microsoft account.

Offer assistance

Offer assistance

You will then get a code that is valid for 10 minutes. You can also send an email or copy the code to the clipboard.

Share security code

Share security code

On the computer to remote control, we launch Quick Assist and then select Get assistance and enter the code generated above.

Enter security code

Enter security code

Then we need to agree to allow the person who created the code to remote control the machine.

Share your screen

Share your screen

After allowing remote control to take place, we can now remote control the machine.

Quick Assistance on the desktop

Quick Assistance on the desktop

The person remote controlling the other machine has a nice little menu in the upper right corner with options like Fit Screen, Select Monitor, launch Task Manager, and more.

Quick Assist menu

Quick Assist menu

It works well and smoothly. The person with the remote-controlled machine can pause the screen sharing, for instance, to enter a username or a password.

How Quick Assist communicates

All traffic is client-initiated, so it works great on networks using network address translation (NAT) and in Hyper-V virtual machines (VMs) using shared internet connections. Essentially, it never fails. When Quick Assist starts, it contacts the address remoteassistance.support.services.microsoft.com and then receives the host IP that services this session. The query from the client looks like this:

"Query Operation, QResult: NoError, Query ID: 0xD8DB, OpCode: NoError, Query Name: remoteassistance.support.services.microsoft.com, RR Type: A, RR Class: Internet, Answers: []"

Quick Assist uses port 443, so you needn't open any additional incoming ports.

How to remove or block Quick Assist

Should you block or remove Quick Assist? Every organization has to make this decision. For some, Quick Assist is a great feature to offer remote assistance to road warriors wherever they are. For others, Quick Assist poses a risk. Hackers could simply call users and tell them their computers have viruses and require remote cleaning.

We can block Quick Assist in many ways. However, there is no Group Policy for this purpose as there is for Remote Assistance. I also miss the ability to allow only specific accounts to offer remote control. It would also be great if Quick Assist created event log entries indicating a specific Microsoft account has remote controlled the machine.

To block Quick Assist, you can use Applocker, Windows Firewall, or simply remove it. Quick Assist is not a required Windows feature; it is an optional Windows feature also called Windows Capability. The Settings app lists it under Manage optional features:

Microsoft Quick Assist is an optional feature

Microsoft Quick Assist is an optional feature

If you want to remove Quick Assist, you cannot simply uninstall it using the Remove-Appxpackage PowerShell cmdlet as we do with built-in modern apps. Instead, you have to use Remove-WindowsCapability as shown below:

Subscribe to 4sysops newsletter!

Remove-WindowsCapability -online -name App.Support.QuickAssist~~~~

Many think that Microsoft Quick Assist is a modern app, but it is actually an .exe file located at %windir%\system32\quickassist.exe. This means we can block it using Windows Firewall or Applocker. Removing it is the cleanest option, as it removes it from Search and the Start menu as well. If you just block Quick Assist, users can still start it and then contact support if the tool isn't working as expected.

  1. Avatar
    Chris 6 years ago

    I am assuming these security enhancements to Quick assist have been put on a wish list for MS?  I don’t understand why this would not have been thought of when things like security for RDP is put into place even having a policy to only allow certain users and even subnets to allow RDP.  I know that the old remote assist was tied to RDP so there was some security, has anyone tested to see if perhaps those rules still apply?  Or perhaps Quick assist is just an entirely different beast needing totally separate GPO rules?


  2. Avatar
    Steve 4 years ago

    What about TeamViewer?  What are your thoughts?

  3. Avatar
    John Dillian 4 years ago

    Is there a way for the support person to elevate and provide credentials into the UAC prompt

    • Avatar
      Leos Marek (Rank 4) 4 years ago

      I think that is possible but you would need to disable the switch to secure desktop for UAC in advance (via GPO or secpol.msc). Its the same as in Teams remote share I guess. 

  4. Avatar
    Peter 4 years ago

    It's crazy that they would create this security hole without any security controls around it.

    Remote Assistance works great as a remote desktop sharing for support purposes, and it already has controls in place in GPO for enabling/disabling it and the local group membership controlling who can use it.

    If they needed this tool to get around a firewall problem, why didn't they build it to use the same controls as the existing msra solution?


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account