.png)
Prerequisites
- Intune subscription
- Remote Help add on license or an Intune Suite license for all IT support workers (helpers) and users (sharers)
- Windows 10/11
- The Remote Help app for Windows.(https://aka.ms/downloadremotehelp)
Network Requirement
Remote Help communicates over port 443 (https) and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com by using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2.
Both the helper and sharer must be able to reach these endpoints over port 443:
| Domain/Name | Description |
|---|---|
| *.aria.microsoft.com | Used for accessibility features within the app |
| *.events.data.microsoft.com | Microsoft Telemetry Service |
| *.monitor.azure.com | Required for telemetry and remote service initialization |
| *.support.services.microsoft.com | Primary endpoint used for the Remote Help application |
| *.trouter.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.aadcdn.msauth.net | Required for logging in to the application Microsoft Azure Active Directory (Azure AD) |
| *.aadcdn.msftauth.net | Required for logging in to the application Azure AD |
| *.edge.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.graph.microsoft.com | Used for connecting to the Microsoft Graph service |
| *.login.microsoftonline.com | Required for Microsoft sign in service. Might not be available in preview in all markets or for all localizations |
| *.remoteassistanceprodacs.communication.azure.com | Used for Azure Communication Service for chat and connection between parties |
| Allowlist for Microsoft Edge endpoints | The app uses Microsoft Edge WebView2 browser control. This article identifies the domain URLs that you need to add to the allowlist to ensure communications through firewalls and other security mechanisms |
Check for Licensing
From the Intune portal you can check the licensing.
- Access the Intune portal.
- Navigate to the Endpoint portal.
- Proceed to the Tenant Administration section.
- Select "Intune Add-ons" to check the licensing.
from here you can activate your trail.
Integrate Intune - Remote Help
- Access the Endpoint portal.
- Navigate to the Tenant Administration section.
- Choose "Remote Help" from the available options.
- Click on "Settings" and select "Configure.
Following Setting need to set
Enable Remote Help: Enable
Allowed Remote help to unenrolled Devices : Allowed
Disable Chat : No
RBAC Permissions for Intune Remote Help
- Access the Endpoint portal.
- Navigate to the Tenant Administration section.
- Choose "Roles" from the available options.
You can assign the "Help Desk Operator" or you can create a new Role. Select Create button to create new role. fill the below details
- Name : Provide a Name
- In the permission select Remote help and select necessary permission
- Elevation - Elevation allows the helper to enter UAC credentials when prompted on the sharer’s device when remote help is enabled. Enabling elevation also allows the helper to view and control the sharer’s device when the sharer grants the helper access.
- View Screen - View screen allows the helper to view the sharer’s device when Remote Help is enabled for all platforms we support.
- Take Full Control - For Windows and Android devices, take full control allows the helper to view and control the sharer’s device when Remote Help is enabled.
- Select next & Create.
- Select Assign and provide a name
- Admin Group - Add the admin group or helper group (Support team Group)
- Scope Group - you can add all users, All device or specific halpee group.
Deploy Remote help app though Intune
Frist you need to download below two setup
- Remote app for windows - (https://aka.ms/downloadremotehelp)
- Microsoft Win32 Content Prep Tool - https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool
- specify the source folder of the Remote app for windows location
- Specify the setup file - Example - remotehelpinstaller.exe
- Specify the output folder to export the intunewin file
- Catalog Select - No
exported location you ca see that intunewin has been created
- App Type : Windows app (Win32) and select
- Click Select App package and brouse the intunewin file we created previously
- file the app information as required & click next (publisher required to fill
- Install command - remotehelpinstaller.exe /quiet acceptTerms=1
- Uninstall command - remotehelpinstaller.exe /uninstall /quiet acceptTerms=1
Requirement tabs fill below
- Operating system architecture - 32 bit & 64 bit
- Minimum operating system - Windows 10 1607
Detection Rules tab fill below information
- Rules format - Manually configure detection rules and click +add
- Rule type - select File
- Path, specify C:\Program Files\Remote Help
- File or folder, specify RemoteHelp.exe
- Detection method, select String (version)
- Operator, select Greater than or equal to
- Value, specify the version of Remote Help you are deploying. For example, 10.0.22467.1000
- Leave Associated with a 32-bit app on 64-bit clients set to No
Setting up Conditional Access for Remote Help
Conditional Access for Remote help still in Preview. We need to enable it before we create the polices
- Install-Module -Name AzureADPreview
- Connect-AzureAD
- New-AzureADServicePrincipal -AppId 1dee7b72-b80d-4e56-933d-8b6b04f9a3e2
Create policy
- Access the Endpoint portal.
- Navigate to the Endpoint security section.
- Select Conditional Access
- then select Policy and Create New policy
Initiate a remote help session
- Access the Endpoint portal.
- Navigate to the Device section.
- Windows devices & open the Manage PPC
Supported features and scenarios
The following table shows the features and scenarios supported by each remote assistance option. A check mark (✅) indicates that the feature or scenario is supported, and a cross mark (❌) indicates that it's not supported.
Capghta
ReplyDelete