Use Remote Help
Remote help is a tool included in Microsoft Intune, he permit to get assistance at user connected on Windows 10 computer enrolled in Microsoft Intune. Microsoft Intune subscription is required. The workstation must perform Windows 10 or Windows 11. Very important ! Remote help app must be installed on the workstation.
Network Prerequisites
The tool Remote help use port 443 for communicates and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com. Note that traffic is encrypted with TLS 1.2. All workstation (helper and sharer) must be access to the following endpoint.
- *.support.services.microsoft.com
- *.resources.lync.com
- *.infra.lync.com
- *.latest-swx.cdn.skype.com
- *.login.microsoftonline.com
- *.login.microsoftonline.com
- *.aria.microsoft.com
- *.api.support.microsoft.com
- *.vortex.data.microsoft.com
- *.channelservices.microsoft.com
Create application on Intune
You can use this this link for download Remote Help application.
Create folder and copy the file previously downloaded.
On my Github , download the tools for create win32 App package. This package will be uploaded on Microsoft Intune.
open Command Prompt and run the following command for create Win32 App package.
IntuneWinAppUtil.exe -c "Source Folder" -s "Source Setup file" -a "Output Folder"
- -c : for the source folder
- -c : for the source Setup file (path and file)
- -a : for the output folder. This folder contain the package file.
The package has been created.
From the Intune portal, click on Apps, All apps then on Add.
Select Windows app (Win32) then click on Select.
Click on Select app package file and select the file previously generated file.
Enter name, description and publisherfor the application. Click on Next.
Enter the following install command line and uninstall command line. Leave the other option by default and click on Next.
Install command line : remotehelpinstaller.exe /install /quiet acceptTerms=Yes
Uninstall command line : remotehelpinstaller.exe /uninstall /quiet acceptTerms=Yes
Configure the Operating System architecture and the Minimum operating system to meet your environment.
Select Manually configure detection rules and click on Add.
Configure the detection rule as below.
Path : C:\Program Files\Remote help
File or folder : RemoteHelp.exe
Detection method : String
Operator : Greater than or equal to
Value : 10.0.10011.16384
I choose to deploy on all of my Windows 10 device. You can choose other group if you want.
Aplication has been configured.
Configure Remote Help
We can now enablme the remote help. From the intune portal, click on Tenant administration then on Connectors and tokens.
Click on Remote help then on Settings.
Enable the remote help tools then click on Save.
Configure permission
Before delegate permission, you need create user group. It’s very important to delegate permission at the user to respect the policy of least privilege. From the Intune portal, click on Groups then on New group.
Enter the desired name and click on No members selected.
Add users that you want delegate permission then click on Create.
From the Intune portal, click on Tenant Administration then on Role.
Click on Create to create new role.
Enter the name and click on Next.
Expand Remote help app and configure permission. Click on Next.
Click on Create for create the new role. The role has been created.
Click on the role then on Assignments for delegate the permission then click on Assign.
Enter the name and click on Next.
Click on Add groups then select the previously created groups.
You need to choose the scope. In my lab I choose to include all devices.
The assignments is now been configured.
Use Remote Tools
From the workstation where the tool has been installed, click on Remote help.
Click on Sign in for enter user credential.
Click on Sign in for enter user credential then click on Accept.
Tools has been configured.
Test Remote Help Tools
For test remote help tools, I have installed on my Windows 10 computer the tools. The computer is member of Active Directory domain. My user who need help is configured in Azure AD Join domain.
From my Windows 10 computer, open Intune portal and select the device. Click on New remote assistance session.
Click on Launch Remote Help, the remote tools appear. Click on Get a security code to obtain the code.
From the computer where the user who needs help is logged in, access the Remote Help tool and enter the code.
Connection is in progress….
Connection is in progress….
User must select Take full control or View screen for take control on the desktop.
The connection is now made and the user has access to the computer.