Microsoft Intune Remote Assistance Tool: Seek Help from the Comfort of Your Remote Workplace
Organizations have been coping with remote work since early 2020, and we can’t say it’s been easy. A completely digital workplace comes with challenges, and managing technical issues away from the confines of the office adds a few more hurdles. Microsoft has come up with a solution to alleviate this pain point for organizations by announcing Remote Help.
What is Remote Help by Microsoft?
Remote Help is a capability available within Microsoft Endpoint Manager (Intune) to help tackle technical problems on employee devices remotely, rather than onsite. The cloud-based remote assistance solution empowers helpdesk to support users of Windows devices. The remote help app can be installed on both devices enrolled with Intune and devices that aren’t enrolled with Intune. Administrators can also deploy the app through Intune to managed devices.
Remote help is a much-needed tool that has been introduced in the nick of time to manage and boost efficiencies for remote and hybrid work environments. The number of organization-owned and personal devices being used for work has risen since the pandemic. Remote assistance was introduced to enable helpdesk associates to provide timely support remotely.
The new Remote Assistance tool from Microsoft works with Intune to enable helpdesk associates to view and/or control employees’ Windows devices so they can quickly troubleshoot and securely investigate technical issues over a remote connection.
How Does Remote Help Work?
Remote help uses role-based access controls (RBAC) in Intune to set the level of access a helper is allowed. Through RBAC, administrators can determine which users can provide help and the level of help they can provide.
Microsoft has added four advanced features within Remote Help:
- Role-Based Access Control (RBAC) and Permissions: RBAC and permissions define who is authorized to support which user or groups of users.
- Elevation of Privilege: Administrators can determine whether a helpdesk associate has the authority to use local admin privileges to troubleshoot a device or whether the task’s permission needs to be elevated.
- Compliance Warnings: Helpdesk associates receive alerts if a device is not compliant and poses a security threat to the organization. This is a powerful capability that helps to keep security risks at bay. Although compliance warnings do not block access to the device, they do provide transparency. Note that all unenrolled devices report as non-compliant.
- Reporting and Monitoring: The reporting feature flags recurring issues and any suspicious activity on the device. In the Endpoint Manager admin center, you can view reports that provide details about the helper and sharer/user of each assistance session, the device that received assistance, and the start and end time of the remote assistance session. You can also find details about ongoing help sessions.
- Assisting Unenrolled Devices: Although this option is disabled by default, you can enable help for devices that aren’t enrolled with Intune.
- Log Files: The Remote help app logs data during installation and during remote help sessions, which can come in handy when investigating any issues with the application.
It’s imperative to mention that unenrolled devices have limited capabilities when it comes to auditing and reporting on remote help sessions.
How Can IT Administrators and Helpdesk Associates Utilize the Remote Help App?
The RBAC and Permissions feature allows administrators to set parameters and define the actions that may be taken during a remote help session based on the helpdesk associate’s role. Admins can set permissions in Microsoft Endpoint Manager and limit an associate’s abilities to the following:
- View-only permission
- Provide full control permission
- Granular option to take full control of the device and enter administrative credentials to perform necessary actions, known as elevation.
In addition, administrators can set up support tiers of associates that define the group of users they get to assist. You can set this up in multiple ways. For example, you can base tiers on the levels of permissions made available to associates, like those defined above, or on user group parameters, such as a particular tier serving a specific department of the organization.
Remote help’s elevation capability empowers helpdesk associates to improve the remote work setup of employees. The work from home set-up requires additional software and peripheral devices such as keyboards, printers, mice, etc. But employees do not always have permission to add drivers to their device, in which case, the helpdesk associate can conveniently step in and elevate – use local admin credentials and install any required software remotely.
Creating a Trustworthy Engagement with the Remote Help App
Starting a help session is just as simple as establishing a safe connection. You can simply start the session through your Windows App. All you need to do is ensure you have remote assistance enabled in the Microsoft Endpoint Manager admin center.
Not only do users have the ability to start a session, but a helpdesk associate or IT administrator can do it too. With the RBAC and permissions in Microsoft Endpoint Manager, the tech side can initiate the session. This gives them the power to bring a device into compliance. Let’s not forget the compliance warning feature which alerts helpdesk associates when connecting with a non-compliant device. It even shows a warning banner that reminds them to proceed with caution while engaged in the remote help session.
Multiple checkpoints are established in Microsoft Endpoint Manager to ensure the right associate is connected to the user. For a secure connection, the helpdesk associate generates and shares a code with the user. The user then enters this code in their instance of remote help to establish a secure connection to the associate’s remote help instance.
Another security checkpoint included with remote help is the user’s ability to view more information about the assigned associate, such as job title, photo, name, company name, and domain. This builds trust and makes users aware of who is accessing their device. Associates can also see the profile of the users they are connecting with. With both parties having complete information, both have the power to end the remote help session at any point. Once the session has ended, the sharer is automatically signed out of their device as a security precaution to ensure all connections between the devices close.
Pro tip from Microsoft: Ensure that the device user saves any active work before a remote help session ends to avoid an unexpected loss of work.
Reaping the Benefits of Microsoft’s Remote Help App for Intune
By exploring the features and functionalities of the remote help tool, we have established some clear-cut benefits.
• The remote help service keeps employees productive in times of need. The impact of lost productivity due to technical issues is greatly reduced as the staff has convenient access to the right assistance as and when required.
• Not only is the assistance provided by the remote help app easy to access but it is also highly secure. Given that the Remote Help App is integrated with Microsoft Endpoint Manager and advanced compliance capabilities, you can rest assured you are enabling secure remote support.
• The remote work infrastructure is here to stay and with hybrid work becoming the norm, the Remote Help App will go a long way in supporting an efficient work environment.
The Remote Help App is now available in preview in Endpoint Manager and Microsoft will roll out the functionality for general availability later in 2022. Here are the prerequisites for using remote help:
• Intune subscription
• Windows 10/11
• Devices must install the remote help app which is available directly from Microsoft.
The remote help app is easy to install, and it must be downloaded on each device before users can participate in remote help sessions. In addition, Intune admins have the authority to download and deploy the app to enrolled devices. Organization login is a key element of using the remote assistance tool by Microsoft: both the device user and the helping associate must sign in with an Azure Active Directory account from your organization. Those who are not members of the organization cannot use the remote help feature.
Fully Protect Your Organization’s Data and Identity
Upgrade your existing environment with compliance support. Protect your organization’s endpoints and devices against security breaches with Steeves and Associates Endpoint Management Implementation.
Steeves and Associates offer a 3-day Endpoint Management workshop to provide your team with Endpoint Management best practices so that your organization is fully equipped to manage users’ devices, apps, and identities from anywhere. Get in touch with us to learn more about the workshop or for further assistance with Microsoft Endpoint Manager or the Remote Help App at info@steeves.net.