Users are at the heart of most organizations, and keeping them productive is key to a successful business. Support personnel can remotely administer computers within their organization to help address user issues. In addition to telephone and chat support, you can use various tools to see what the users see and even take control of their interfaces.
You need to understand the different utilities you can use to securely troubleshoot your hardware while also securely managing and supporting it. This skill will explore the various tools and utilities available to manage your devices remotely.
This skill covers how to:
- Configure Remote Help in Intune
- Configure Remote Desktop on a Windows client
- Configure the Windows Admin Center
- Configure PowerShell remoting and Windows Remote Management (WinRM)
Configure Remote Help in Intune
Remote Help is a new cloud-based solution that help desk operators can use to remotely and securely connect to a user’s device. Connections use role-based access controls to ensure that support staff (helpers) can securely access (sharers) devices and that proper Azure Active Directory (Azure AD) trusts are established for the Remote Help sessions.
Support users are classed as helpers, and users that receive remote help are referred to as sharers. Helpers can view the sharer’s device’s display, and if permitted by the sharer, they can take full control to make configurations directly or take actions on the device.
Remote Help uses Intune role-based access controls (RBAC) to set the level of access that a helper is permitted. Through RBAC, administrators can determine which users can provide help and the level of help they can provide. Both devices enrolled and not enrolled with Intune can use the Remote Help app. For devices enrolled in management, the app can the deployed by Intune. The Remote Help app supports the capabilities shown in Table 1-15.
TABLE 1-15 Remote Help capabilities
| Capability | Description |
| Remote Help capabilities and requirements | Remote Help is disabled by default. Remote Help can be enabled tenant-wide. Once enabled, Remote Help is available to users authenticated in the tenant. |
| Use Remote Help with unenrolled devices | Disabled by default, you can choose to allow help to devices that aren’t enrolled with Intune. |
| Requires Organization login | To use Remote Help, both the helper and the sharer must sign in with an Azure AD account from your organization. You can’t use Remote Help to help users outside of your organization. |
| Compliance Warnings | A compliance warning will be displayed if a device is not compliant with its assigned policies. This warning doesn’t block access, but helpers should know the risk of using sensitive data during the session. |
| Role-based access control | Admins can set RBAC rules that determine the scope of a helper’s access and define the range of actions they can do while providing help. Includes view only and being able to run elevated privileges while helping. |
| Elevation of privilege | A helper with the correct RBAC permissions can accept the UAC prompt on the sharer’s machine to enter credentials to achieve administrative permissions. |
| Monitor active Remote Help sessions, and view details about past sessions | You can view reports detailing active and prior sessions in the Microsoft Intune admin center. |