This is just the beginning! Currently, Remote Help on macOS only supports session viewing, but it's poised to become an indispensable resource for delivering secure and effective tech support.
In today's digital age, remote assistance has become an essential tool for providing technical support to users. Microsoft Intune offers a powerful solution for secure help desk connections through its Remote Help feature. Designed specifically for macOS users, Remote Help allows support staff to remotely connect to a user's device and provide assistance. In this comprehensive guide, we will explore the capabilities, requirements, and step-by-step instructions for using Remote Help on macOS with Microsoft Intune.
Remote Help is a cloud-based solution offered as an add-on to Microsoft Intune. It enables secure help desk connections with role-based access controls, allowing support staff to remotely connect to a user's device. In this context, users who provide help are referred to as "helpers," while users who receive help are called "sharers." Both helpers and sharers sign in to their organization's web app using Azure Active Directory (Azure AD) credentials.
During a Remote Help session, the helper has the ability to view the sharer's device display, enabling them to diagnose and resolve technical issues remotely. To ensure security and control, Remote Help uses Intune role-based access controls (RBAC) to define the level of access a helper is allowed. Through RBAC, administrators can determine which users can provide help and the extent of help they can offer.
Remote Help on macOS offers several key capabilities that enhance the support experience. These capabilities include:
Help users on unenrolled devices
By default, the Remote Help feature is turned off for devices not enrolled in Intune. However, as an Intune admin you can choose to enable this function for unenrolled devices as well. This adaptability allows for a broader spectrum of devices to receive support, irrespective of whether they’re enrolled in Intune or not.
Conditional Access
You can also take advantage of conditional access features when configuring policies and criteria for Remote Help. This functionality allows for more nuanced control over who is eligible for Remote Help and the specific conditions under which it can be accessed.
Compliance Warnings
Prior to initiating a Remote Help session, helpers receive a non-compliance alert if the device sharing the screen doesn’t meet the set policies. Although this warning doesn’t prevent access, it offers visibility into potential security risks, like the exposure of administrative credentials, that may arise during the session.
Chat during remote support session
Remote Help comes with an advanced chat function that keeps a running log of all messages sent and received throughout the session. This chat feature accommodates special characters and supports multiple languages, such as Chinese and Arabic.
Before using Remote Help on macOS, there are several general prerequisites that need to be met. These prerequisites include:
Remote Help depends on network connectivity to create and sustain secure links between helpers and those sharing their screens. Communication between devices happens over port 443 (https) and uses the Remote Desktop Protocol (RDP). For a smooth connection, the following endpoints must be reachable via port 443:
Domain/Name | Description |
---|---|
*.aria.microsoft.com | Accessible Rich Internet Applications (ARIA) service for providing accessible experiences to users |
*.cc.skype.com | Required for Azure Communication Service |
*.events.data.microsoft.com | Microsoft Telemetry Service |
*.flightproxy.skype.com | Required for Azure Communication Service |
*.registrar.skype.com | Required for Azure Communication Service |
*.support.services.microsoft.com | Primary endpoint used for the Remote Help application |
*.trouter.skype.com | Used for Azure Communication Service for chat and connection between parties |
*.aadcdn.msauth.net | Required for logging in to the application Microsoft Azure Active Directory |
*.aadcdn.msftauth.net | Required for logging in to the application Microsoft Azure Active Directory |
*.edge.skype.com | Used for Azure Communication Service for chat and connection between parties |
*.login.microsoftonline.com | Required for Microsoft sign-in service. Might not be available in preview in all markets or for all localizations |
*.remoteassistanceprodacs.communication.azure.com | Used for Azure Communication Service for chat and connection between parties |
*.turn.azure.com | Azure Communication Service |
*.remotehelp.microsoft.com | Primary endpoint for Remote Help Web App |
*.trouter.teams.microsoft.com | Allows for the Remote Help Web App to become directly addressable within the web browser |
*.trouter.communication.microsoft.com | Allows for the Remote Help Web App to become directly addressable within the web browser |
*.alcdn.msauth.net | Required to sign in to the application Microsoft Azure Authentication Library |
*.wcpstatic.microsoft.com | Used to confirm cookie compliance in accordance with various laws |
To request assistance as a sharer using Remote Help, you’ll first need to contact the support team to get the process started. Here’s a detailed guide on how to go about it:
As a helper, your role is essential in offering remote support to sharers. Here’s how to go about it step-by-step:
You can also configure Conditional access allows administrators to define policies and conditions for accessing Remote Help. By configuring conditional access, administrators can ensure that only authorized users can utilize Remote Help and that specific conditions are met.
While Remote Help is a powerful tool for remote assistance, there are a few known issues to be aware of. One such issue is that if the sharer exits a Remote Help session early, the helper may not be notified for 60+ seconds. Additionally, when using Microsoft Edge, the sharer may need to sign in to the browser before starting a session, or the device may be reported as unenrolled.
This is just the beginning! Currently, Remote Help on macOS only supports session viewing, but it's poised to become an indispensable resource for delivering secure and effective tech support. Whether you're on the receiving end of help or the one providing it, Remote Help promises a smooth and efficient support experience on macOS devices.