Getting started with Remote help with Intune and Microsoft Endpoint Manager


Remote help is the brand new and sought-after feature, which provides classic remote assistance capabilities (almost) natively to Windows. Remote help was announced during this years Microsoft Ignite, and started its public preview rollout last week.

Remote help is integrated with Microsoft Endpoint Manager, and this blog post serves as my first look into getting started and using this delicious new feature.

TL:DR: Find a short video recording of the Remote help workflow down in the post. 🙂

Configure Remote help

The first thing I did, and the first thing you probably want to do, is to enable the Remote help feature.

This is done via the Microsoft Endpoint Manager portal:

Head into Tenant administration and select Connectors and tokens as illustrated below:

From there, Remote help (preview) is automatically selected. Head into Settings and choose Enabled from the dropdown menu. Remember to Save your selection:


In order to be able to use Remote help, you will need to be assigned the proper permissions.

Locate and assign the required permissions via Tenant administration and Roles as illustrated below:

Remote help comes with 3 different permissions, which can be configured to suit your environment.

  • Take full control
  • Elevation
  • View screen

I’ve chosen to create unique roles for each of those permissions. See below illustration for inspiration:

In my scenario, I’ve kept it simple for now and assigned All devices to each role.

  • Notice the flexibility here. There’s almost unlimited options in how you design the roles, in terms of which users are able to offer remote help to what devices/users.

Deploying Remote help

My devices are being co-managed, and I’m still relying on Configuration Manager for some areas of the management. One of them being, is software delivery and deployment of software/things in general.

So for the sake of being different, I also chose to deploy this using a regular package/program using ConfigMgr.

Regardless of method you decide to use, Intune or ConfigMgr, you will need to download the Remote help binaries from here:

Create a package

Using ConfigMgr as I do, involves creating a package with the downloaded binaries as source files:

As well as creating a program installing the package:

  • The installation cmdline is: remotehelp.exe /install /quiet acceptTerms=Yes
  • The uninstallation cmdline is: remotehelp.exe /uninstall /quiet acceptTerms=Yes

Create a collection consisting of your pilot devices and deploy the newly created Remote help package/program to the collection:

Using Remote help

The usage of the Remote help app is split into two scenarios. The scenario where you need help or give help. In either scenario, you need to authenticate as the first step, and sign into the app using your organizational account, belonging to the tenant where Remote help is enabled:

When signed in, you will see the two scenarios mentioned above, dividing the app into two purposes: Get help and Give help.

Give help

Coming from a TeamViewer world, Remote help sort of works the opposite. When giving help, you are the one sharing a security code.

When selecting to ‘Get a security code‘, a code similar to below, will show and expire after 10 minutes:

Get help

When in need of help, the one offering the remote assistance, will provide you with the security code from above:

In Action

Click on the image below, to view a short recording of the workflow with Remote help:

Monitoring and reports

Remote help offers built in reporting capabilities, which I actually think is quite neat.

Especially the Remote help sessions area can you give some valuable information about the past 30 days. The data here is exportable to .csv and a spending a few seconds in Excel, you will know exactly what devices/users, that had the most Remote help sessions:



More Information

8 thoughts on “Getting started with Remote help with Intune and Microsoft Endpoint Manager”

    • There are elevation permissions which enables you to see UAC prompts. The only thing that bothers me with that, is that when the remote session ends, the user is logged off. This is done for security reasons, and is not that user friendly.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.