Many businesses use Microsoft Intune as part of Endpoint Manager for remote client provisioning, configuration, and management. However, until just a few months ago, remote help capabilities were missing from this endpoint management solution. This changed at the end of 2021 with the new remote help offering. Let's take a closer look at this feature.

Remote help is a new tool, currently in Preview, offered in Microsoft Endpoint Manager. It provides a cloud-based remote assistance platform for organizations to empower their helpdesks to support remote users securely and efficiently on Windows devices.

This feature allows helpdesk personnel to connect to, view, and control Windows devices. It helps IT quickly see and triage issues that remote end users may be experiencing. In addition to the traditional capabilities that remote help provides, Microsoft has built-in modern security and compliance features. These include the following:

  • RBAC capabilities—With remote help, IT can define which specific helpdesk team members are authorized to support end users using the remote help tool.
  • Elevated credentials authorization—With remote help, IT can define the elevation privileges of helpdesk associates for troubleshooting if these tasks involve using local administrative privileges.
  • Compliance visibility—Remote help can help identify devices that are out of compliance with organization compliance policies; these devices may pose a risk to the organization's cybersecurity posture.
  • Detailed reports—Identify devices with security issues and/or suspicious activity.
  • Unenrolled devices—IT admins can choose to allow assisting users on devices not enrolled with Intune.
  • Monitoring remote help sessions—With remote help, admins can monitor sessions.

Enabling the new remote help feature ^

The steps to enable the new remote help feature are straightforward. Admins need to log in to the Microsoft Endpoint Manager Portal and enable the new Remote help feature. To do that, Tenant administration > Remote help (preview). On the Settings tab, there are two areas of configuration:

  • Enable remote help
  • Allow remote help to unenrolled devices
Viewing the remote help settings in Tenant administration

Viewing the remote help settings in Tenant administration

Select the Enabled option for the Enable remote help setting. Then, make your selection for the Allow remote help to unenrolled devices option if needed.

Enabling remote help and allowing unenrolled devices

Enabling remote help and allowing unenrolled devices

Defining a custom role for remote help ^

As mentioned above, the remote help tool offers the ability to scope down who can use it and what capabilities they have. To see the possible permissions configuration for remote help and scope this to specific helpdesk staff, create a new custom role.

To do so, navigate to Tenant administration > Endpoint Manager roles > Create.

Creating a new Endpoint Manager role

Creating a new Endpoint Manager role

The Add Custom Role wizard is launched. First, name the new custom role. Then, define the permissions associated with the role. Below, we have enabled viewing the screen and performing elevation.

Define the remote help permissions in the new custom role

Define the remote help permissions in the new custom role

Once you complete the wizard, the role can then be applied to specific helpdesk personnel who need to access remote endpoints.

Using the remote help app ^

Once the feature is enabled and custom roles are created and applied to specific helpdesk users, you can use the remote help app to initiate a session. For example, you can navigate to an enrolled endpoint and select New remote assistance session.

Launching a new remote assistance session

Launching a new remote assistance session

Once you click the new remote assistance session option, the New remote assistance session blade pops out with a link to Launch remote help.

Launching the remote help app

Launching the remote help app

Sessions can be initiated from the remote help Windows app. It is available as a download from Microsoft and must be installed on each Windows device before the device can participate in a remote help session.

To establish a secure connection, the helpdesk associate generates a code from the app and shares the code with the user. The user is then prompted to grant permission to establish a secure connection with the helpdesk tech.

Concluding thoughts ^

Microsoft's new remote help app as part of Microsoft Intune is a great way for IT admins to assist remote end users on devices both enrolled and not enrolled in Microsoft Intune.

Subscribe to 4sysops newsletter!

Additionally, the core infrastructure of the solution is housed in the cloud, which makes connectivity much simpler and eases the burden of using the solution to assist users. However, users still need to install the remote help app on their devices. Admins can install this automatically for devices enrolled in Intune.

1 Comment
  1. Marc 5 months ago

    How does this compare to Quick Assist which is built in and free?

Leave a reply to Marc Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account