BLOG SERIES Intune Suite Part 2: Remote Help
Help I need somebody!!!
We've all faced the challenge of guiding a remote user through settings to fix something. Clear communication is essential, and being able to view the user's interface can reduce misunderstandings. Tools are available for remote assistance, allowing control over the user's interface.
Microsoft's solution to this issue is Remote Help, read this blog post about Remote Help as Part 2 of the BLOG SERIES about the Intune Suite, to know more about the capabilities of Remote Help.
PART 2: Remote Help
Remote Help
Microsoft's solution for remote assistance is Remote Help. Remote Help is integrated in the Intune Console which makes it's easier to interact with the clients managed from Intune and even for unmanaged clients by using a web application. It can show information about compliance upon starting a remote assistance session. The app also offers support for Conditional Access, so you can make rules for it.
In this blog post I will describe how to install the client, request and perform remote help form the web client and Intune console.
Remote Help is part of the Intune Suite and can alternatively be purchased as a standalone feature.
At this point the following operating systems are supported for Remote Help
- Windows
- macOS
- Android
Enable the feature
Remote help is disabled by default, so we need to activate this feature from the Intune portal. From the Intune Portal head over to:
1. Tenant Administration
2. Remote help
3. Settings
We can configure the following settings
- Enable Remote Help: Disabeld / Enabled
- Allow Remote Help to unenrolled devices: Not Allowed / Allowed
- Disable Chat: No / Yes
Make the necessary settings based upon your configuration.
RBAC Roles
After activating the feature, add administrator groups to enable its use. You can either use the built-in role or create a custom role with the following rights.
Category: Remote Help app
Permissions:
- Elevation : Yes/No
- View screen : Yes/No
- Take full control : Yes/No
- Unattended control : Yes/No
Category: Remote task
Permissions:
- Offer remote assistance : Yes/No
In this blog I will use the build-in RBAC role Helpdesk Operator. This role already has all the necessary rights. In a production environment I would recommend creating your own role with the necessary rights. You can even create different types of roles for this feature.
From the Intune Portal browse to the Roles:
Home > Tenant Admin > Roles
Select the Helpdesk Operator roles select Assignments and add a role assignment.
In the Basic tab you can give the role assignment a logical name.
In the Admin Groups tab, select the group of administrators you want to assign to this role, this is a security group. I already created the group Test Group - Remote Help Full Control.
The Scope Groups is interesting. You can assign the devices and or users that will be have an option to perform remote help to. When a device and or user isn't part of the scope, the remote helper won't be able to perform assistance.
When you are using the option to allow unmanaged devices, the scope all device won't cover this, you will need to add the users scope to perform assistance for unmanaged devices.
I will be using the all devices and all users, in a production environment I won't recommend this, make us of device and or user groups instead that you are already using in your organization.
With the role assignments and the correct settings in place, we can start enrolling the client to our platforms.
Remote Help Client
As mentioned before, the remote help client can be activated on different following platforms, read the Microsoft documentation in de documentations section fur further support for the devices. You can also make use off the web client, there is one for the helper and one for the requester:
Web client:
- Helper: (https://aka.ms/rhh)
- Requester: (https://aka.ms/rh)
Windows:
- App (trough Enterprise app catalog or Win32app)
- Web client
macOS:
- PKG client (manual of through Intune)
- Web client
- App (Google Play Store)
For Android the device must be a Samsung or Zebra device and it must be enrolled as Android Enterprise Dedicated.
In this blog I will show you how the push the client with as an Enterprise Catalog App, you will need the corresponding license, like Intune Suite or the standalone license for Enterprise App Management (EAM), you can read my previous blog to know more about EAM (LINK)
Head over the apps section in the Intune Portal
Home > Windows > Apps > Enterprise App Catalog App
Search for Remote Help and add the app to the corresponding group.
Perform and Request Help
There are two workflows for the Remote Help application.
- Helper
- Requester
The requests needs to be matched on both sides based on a unique number. Depending on the client (web or app) and or platform there will be a difference in the total digits required.
From the web you will need 8 digits from the app 6 digits. The macOS client also makes use of 8 digits Be aware of this.
To perform help you will need to know which client will be used to get the interaction otherwise the total digits won't match.
On macOS the app only can be used to request not to help. In Windows the app can be used as helper and requester. With this in mind, the requester will need to know from where the request is coming and either use the web client or the app for support.
I will demonstrate the flow from both sides the flow is the same for the web app and from the Intune console. I will show how to start a session from both apps. Good to know that Microsoft also has an interactive demo for Remote Help, see documentation section for the link.
FROM WEB:
With this flow only the screen can be viewed.
HELPER:
After logging in into the web app a security code is displayed, you need to exchange this security code to the requester.
Information about the requester is displayed, with the option to share the screen.
Depending on the device, information is displayed to the helper, is this case a notification is displayed that the requester is working on a device which is not enrolled in Endpoint Manager.
REQUESTER:
After logging in into the web app a security code is required to start the session. This code will be provided by the helper.
Information about the helper is displayed, with the option to allow the assistance.
The requester can choose which screen, a specific window, screen or entire screen will be shared.
FROM INTUNE CONSOLE
With this flow the screen and take control are available
HELPER:
Benefit of using remote help is that it is included in the Intune console, from there you will have to option to give remote assistance. The app is needed for this flow, so both the requester and helper must have the remote app installed. The flow is the same as the web client, so I will only show how to start a remote assistance.
Navigate to the devices in the Intune Portal:
Home > Devices
Select the device that requires remote assistance, select the three dots (...) for the menu and select New remote assistance session
The flow is starting now, a notification is send to the user, the user must approve this request before the support session is activated. The Helper must start the remote app form the console, accept opening the app by selecting Launch Remote Help.
The app is started and information about the user is displayed, the remote session can be started now.
REQUESTER: FROM APP
The user will receive a notification that a remote help assistance support is available
Accepting this notications will open the Remote Help app and the session is waiting for the helper to start
When the session is started the requester will see information about the helper and can start the session.
Recap
This blog article explores the potential of Remote Help as part of the Intune Suite. It's worth considering whether Remote Help could benefit your organization when Intune Suite is already used. While the web version is limited to screen sharing, the functionality remains widely applicable with a broad range of platform support. Are there better remote solutions, certainly, but the build-in functionality in Intune is a huge benefit.