
Exploring Microsoft Intune's Remote Help on macOS: A Hands-On Guide


In today's digital age, remote assistance has become an essential tool for providing technical support to users. Microsoft Intune offers a powerful solution for secure help desk connections through its Remote Help feature. Designed specifically for macOS users, Remote Help allows support staff to remotely connect to a user's device and provide assistance. In this comprehensive guide, we will explore the capabilities, requirements, and step-by-step instructions for using Remote Help on macOS with Microsoft Intune.


Introduction to Remote Help with Microsoft Intune


Remote Help is a cloud-based solution offered as an add-on to Microsoft Intune. It enables secure help desk connections with role-based access controls, allowing support staff to remotely connect to a user's device. In this context, users who provide help are referred to as "helpers," while users who receive help are called "sharers." Both helpers and sharers sign in to their organization's web app using Azure Active Directory (Azure AD) credentials.

During a Remote Help session, the helper has the ability to view the sharer's device display, enabling them to diagnose and resolve technical issues remotely. To ensure security and control, Remote Help uses Intune role-based access controls (RBAC) to define the level of access a helper is allowed. Through RBAC, administrators can determine which users can provide help and the extent of help they can offer.

Remote Help on macOS

Remote Help on macOS offers several key capabilities that enhance the support experience. These capabilities include:

Help users on unenrolled devices

By default, the Remote Help feature is turned off for devices not enrolled in Intune. However, as an Intune admin you can choose to enable this function for unenrolled devices as well. This adaptability allows for a broader spectrum of devices to receive support, irrespective of whether they’re enrolled in Intune or not.

Conditional Access

You can also take advantage of conditional access features when configuring policies and criteria for Remote Help. This functionality allows for more nuanced control over who is eligible for Remote Help and the specific conditions under which it can be accessed.

Compliance Warnings

Prior to initiating a Remote Help session, helpers receive a non-compliance alert if the device sharing the screen doesn’t meet the set policies. Although this warning doesn’t prevent access, it offers visibility into potential security risks, like the exposure of administrative credentials, that may arise during the session.

Chat during remote support session

Remote Help comes with an advanced chat function that keeps a running log of all messages sent and received throughout the session. This chat feature accommodates special characters and supports multiple languages, such as Chinese and Arabic.


Prerequisites for Remote Help on macOS

Before using Remote Help on macOS, there are several general prerequisites that need to be met. These prerequisites include:

Enable Remote Help


Network Requirements

Remote Help depends on network connectivity to create and sustain secure links between helpers and sharers. Communication between devices happens over port 443 (HTTPS) and uses the Remote Desktop Protocol (RDP). For a smooth connection, the following endpoints must be reachable via port 443:

| Domain/Name | Description |
| --- | --- |
| *.aria.microsoft.com | Accessible Rich Internet Applications (ARIA) service for providing accessible experiences to users |
| *.cc.skype.com | Required for Azure Communication Service |
| *.events.data.microsoft.com | Microsoft Telemetry Service |
| *.flightproxy.skype.com | Required for Azure Communication Service |
| *.registrar.skype.com | Required for Azure Communication Service |
| *.support.services.microsoft.com | Primary endpoint used for the Remote Help application |
| *.trouter.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.aadcdn.msauth.net | Required for logging in to the application Microsoft Azure Active Directory |
| *.aadcdn.msftauth.net | Required for logging in to the application Microsoft Azure Active Directory |
| *.edge.skype.com | Used for Azure Communication Service for chat and connection between parties |
| *.login.microsoftonline.com | Required for Microsoft sign-in service. Might not be available in preview in all markets or for all localizations |
| *.remoteassistanceprodacs.communication.azure.com | Used for Azure Communication Service for chat and connection between parties |
| *.turn.azure.com | Azure Communication Service |
| *.remotehelp.microsoft.com | Primary endpoint for Remote Help Web App |
| *.trouter.teams.microsoft.com | Allows for the Remote Help Web App to become directly addressable within the web browser |
| *.trouter.communication.microsoft.com | Allows for the Remote Help Web App to become directly addressable within the web browser |
| *.alcdn.msauth.net | Required to sign in to the application Microsoft Azure Authentication Library |
| *.wcpstatic.microsoft.com | Used to confirm cookie compliance in accordance with various laws |
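
When a session fails to connect behind a filtering proxy, the quickest check is whether any denied connection falls under one of the endpoints listed above. The script below is an added example, not part of the original post or of Microsoft's tooling: it matches hostnames against the wildcard list on a label boundary and reports denied port-443 connections from a proxy log. The log format, the hostnames in the sample log and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Log format and hostnames are constructed.
# Suffixes of the wildcard endpoints in the table above ("*.x" is stored as ".x").
RH_SUFFIXES=".aria.microsoft.com .cc.skype.com .events.data.microsoft.com
.flightproxy.skype.com .registrar.skype.com .support.services.microsoft.com
.trouter.skype.com .aadcdn.msauth.net .aadcdn.msftauth.net .edge.skype.com
.login.microsoftonline.com .remoteassistanceprodacs.communication.azure.com
.turn.azure.com .remotehelp.microsoft.com .trouter.teams.microsoft.com
.trouter.communication.microsoft.com .alcdn.msauth.net .wcpstatic.microsoft.com"

# Print the table entry covering host $1, or return 1. Matching is on a label
# boundary: "myturn.azure.com" must not pass as "*.turn.azure.com".
match_endpoint() {
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  host=${host%.}                       # drop a trailing root dot
  for suffix in $RH_SUFFIXES; do
    case $host in
      ?*"$suffix") printf '*%s\n' "$suffix"; return 0 ;;
    esac
  done
  return 1
}

# Read proxy log lines on stdin ("<time> <ALLOW|DENY> CONNECT <host>:<port>") and
# print each denied port-443 Remote Help dependency once, with its table entry.
blocked_endpoints() {
  while read -r _ts action _method target; do
    [ "$action" = DENY ] || continue
    [ "${target##*:}" = 443 ] || continue
    entry=$(match_endpoint "${target%:*}") || continue
    printf '%s %s\n' "${target%:*}" "$entry"
  done | sort -u
}

sample_log() {   # constructed sample input
  cat <<'EOF'
2024-05-01T10:00:01Z ALLOW CONNECT api.remotehelp.microsoft.com:443
2024-05-01T10:00:02Z DENY CONNECT relay1.turn.azure.com:443
2024-05-01T10:00:03Z DENY CONNECT chat.trouter.skype.com:443
2024-05-01T10:00:04Z DENY CONNECT relay1.turn.azure.com:443
2024-05-01T10:00:05Z DENY CONNECT myturn.azure.com:443
2024-05-01T10:00:06Z DENY CONNECT www.example.com:443
EOF
}

sample_log | blocked_endpoints
```

The matcher is strict: a bare name such as `turn.azure.com` is not treated as covered by `*.turn.azure.com`, so adjust it if your proxy's wildcard rules also include the apex.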

To Request Help as a Sharer

To request assistance as a sharer using Remote Help, you’ll first need to contact the support team to get the process started. Here’s a detailed guide on how to go about it:

https://remotehelp.microsoft.com/quickconnect?passcode=p0uq6kjl

Providing Help

As a helper, your role is essential in offering remote support to sharers. Here’s how to go about it step-by-step:

You can also configure Conditional Access, which allows administrators to define policies and conditions for accessing Remote Help. By configuring Conditional Access, administrators can ensure that only authorized users can utilize Remote Help and that specific conditions are met.


Known Issues

While Remote Help is a powerful tool for remote assistance, there are a few known issues to be aware of. One such issue is that if the sharer exits a Remote Help session early, the helper may not be notified for 60+ seconds. Additionally, when using Microsoft Edge, the sharer may need to sign in to the browser before starting a session, or the device may be reported as unenrolled.

Conclusion

This is just the beginning! Currently, Remote Help on macOS only supports session viewing, but it's poised to become an indispensable resource for delivering secure and effective tech support. Whether you're on the receiving end of help or the one providing it, Remote Help promises a smooth and efficient support experience on macOS devices.
