Remote Help in Intune

Introduction

Have you tried working with Remote Help before? If you are used to working with other tools such as TeamViewer, AnyDesk, and Kaseya, this might be a different experience for you.

Let's take a look at it to see what it can and can't do!


Licensing

First of all, before we can start configuring remote help, we will need the correct license. There are really two options available. Remote Help is included in the Intune Suite license, where you have other add-ons available, such as EPM, enterprise app management, and more.

The other option is to buy Remote Help as a standalone add-on.

However, if you are looking into what the Intune suite can offer, I would recommend you start a trial.


Configuration

Now that we've taken care of the licensing, it's time to start the configuration of Remote Help. This is definitely the interesting part!

  1. Navigate to the Intune portal and click on the tenant administration tab.
  2. You've probably already guessed the next step! Let's just head to the remote help tab.
  3. From here, make sure to click on settings.

By default, remote help is disabled, so before we can start utilizing it, we would have to enable it.

  1. Click configure and change "Enable Remote Help" to enabled. You will now notice that you have two new settings available.
  • Allow Remote Help to unenrolled devices
    • If you allow this setting, it will be possible to use remote help on devices that aren't enrolled in Intune.
  • Disable chat
    • This one is fairly self-explanatory: it gives you the option to allow or disable the chat function in remote help.
In this picture, you can see the chat function in action.
  2. Once you have configured your settings, remember to click save!

That's the configuration for remote help. It's really simple, right?


App Deployment

Before you can start utilizing remote help in Intune, you will need to deploy it to your endpoints. Microsoft has created a guide on how to deploy remote help as a Win32 application.


End-User / Helpdesk Experience

Now that you have configured remote help and deployed the application, it's time to test it. The end-user is calling the helpdesk and needs help with an application.

The helpdesk technician jumps into the Intune portal and quickly finds the end-user's device. In the overview of the device, he clicks on the three dots.

He quickly finds and clicks "New remote assistance session". At first glance, he can see that the device isn't compliant with our policies.

Even though it isn't compliant, he clicks continue. It will now send a notification to the end-user device that needs to be accepted.

The helpdesk technician guides the user to open remote help. When that's done, he can click launch remote help and select whether he would like full control or only to view the screen.

The helpdesk technician has requested full control, which the end-user would have to accept. If the request is accepted, the technician will be presented with this view.


Conditional Access With Remote Help

A simple configuration of remote help isn't enough on its own. We should combine it with conditional access whenever we get the chance.

Before we can start the configuration of that, we would have to create a service principal. Microsoft has created a guide on service principal creation, so I won't cover the creation of that.

Now that you have created the service principal, it's time to create a policy.

  1. Head to the conditional access overview and click on create a new policy.

There are many options available for a policy. For example, it could require MFA, require a compliant device, block specific countries, or restrict access to specific IP addresses.

In this case, I will go ahead and require MFA.

  2. I will name my policy and assign it to a test group.

     💡 As always when working with conditional access, remember to test it before activating it in production.

  3. Now to the resource that we would like to target. Change it to select apps, and search for RemoteAssistanceService.
  4. Next up is the grant option. Here I will make sure to require multifactor authentication.
  5. Last but not least, decide whether the policy should be report-only or on.

A quick look at the sign-in logs shows that Adele has authenticated with MFA when using the remote help application.
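
The same policy can be created with the Microsoft Graph PowerShell SDK instead of the portal. This is an added example, not part of the original walkthrough; the group name and policy name are assumptions, and the policy is created in report-only mode so it can be tested before being switched on.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Groups, Microsoft.Graph.Identity.SignIns

# Assumed names for this example; replace with your own values.
$GroupName  = 'CA-RemoteHelp-Test'          # hypothetical test group
$PolicyName = 'Remote Help - Require MFA'   # hypothetical policy name

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'Group.Read.All'

# The policy targets the service principal created earlier, by its AppId.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq 'RemoteAssistanceService'")
if ($sp.Count -ne 1) {
    throw "Expected one RemoteAssistanceService service principal, found $($sp.Count)."
}

# Scope the policy to the test group only, never to all users while testing.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($group.Count -ne 1) {
    throw "Expected one group named '$GroupName', found $($group.Count)."
}

# Refuse to create a second policy with the same name.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $PolicyName }
if ($existing) {
    throw "A policy named '$PolicyName' already exists (Id: $($existing.Id))."
}

$policy = @{
    displayName   = $PolicyName
    # Report-only: the result is logged in the sign-in logs but not enforced.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($group[0].Id) }
        applications   = @{ includeApplications = @($sp[0].AppId) }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # require multifactor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Once the report-only results in the sign-in logs look right, change `state` to `enabled` to enforce the policy.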


My Experience

I have tested out remote help, and I like that the product is available within the Intune portal, so all the tools are available within one place.

However, there are limitations. These are some that I have faced so far.

  • CTRL+C / CTRL+V isn't available.
  • No redirection of keys, such as Windows key.
  • Waiting time before remote help becomes available after a device restart.

Conclusion

Thank you for reading this blog. I hope that you've gained knowledge on how remote help works.

I wish you a great day. 😊