Tuesday, April 5, 2022

Remote help: enterprise-grade assistance tool now available

While many workplaces start to buzz with renewed activity, the 2022 Microsoft Work Trend Index survey reveals that 53% of people are likely to consider transitioning to hybrid in the year ahead.[1] This suggests that hybrid work is here to stay, and workers will need support at home, in the office, and on the frontline. As organizations adapt their help desk operations to this continued reality, they must consider the balance of experience, access, trust, and oversight in any solution, especially at enterprise scale.

Effective today, our cloud-based remote assistance solution, remote help, is generally available for Windows, and you can easily get started from the Microsoft Endpoint Manager admin center. Since its introduction in preview, we have heard from customers about how crucial a secure, permission-based tool is to support their hybrid workforce.

"The secure nature of remote help is what sets it apart from other options available. Preventing unauthorized remote device control is crucial for our business. Remote help's role-based permissions tightly integrated into their cloud management with Endpoint Manager helps do just that."

Paul Warren, Modern Workplace Technical Lead, Tower Limited

In the race to support users remotely, many organizations may have improvised quick solutions. However, trade-offs that may have been acceptable on short timelines are no longer acceptable given the rising risk of cybersecurity breaches.

When considering solutions for the enterprise, there are important questions that must be asked of existing tools and processes for remote assistance through PC-to-PC connections.

Is it secure?

While the technical security configurations of a support tool may be sound, there's a human element of security to take into account, and that is trust. Is your support tool easy to spoof? Can it provide sharers and helpers alike with an easy indicator of trust? Does it support your Zero Trust security model and its principle to verify explicitly?

Is it conditional?

Inherent in many help desk scenarios is a need to take actions beyond what users' current access controls permit – but elevating user permissions can introduce vulnerabilities into a system. A tool that allows user elevation may not be appropriate. A tool that doesn't have controls on this functionality may be even more dangerous.

Managing permissions for remote control is highly important and is required for the Zero Trust principle of least-privilege access. Can these and other features be granted conditionally for certain helpers?

Is it available?

Some support tools are limited to VPN or on-premises access. Today's hybrid workplaces will benefit from true 'over the internet' functionality to reach users.

And is the tool easy to deploy and access? Enterprise-scale operations can be hindered by friction in routine operations. From the administrative effort of rolling out new applications to the resources dedicated to learning new UIs, choosing the wrong support tool can increase the cost of ownership in hidden ways.

Microsoft answered these questions with remote help, a secure, cloud-based remote assistance tool that provides permission-based helpdesk-to-user connections. Drawing on the experiences and needs of diverse enterprises, remote help was developed with trust as the guiding principle.

Users can trust the experience

The endpoint is the new workplace in the hybrid world. Providing resolutions to users – delivered by the right helper, with the right permissions, at the right time – enhances that experience.

Remote help creates trust on both sides of the help equation, showing the user profile, photos, and domain verification for both parties upfront. This creates confidence in the sharer when granting remote access to a helper. 

Remote help verifies explicitly with a security code exchange between helper and Windows user

The confidence is created both ways – and reinforced by a remote help capability that provides a warning if a sharer's device is out of compliance with security policies. This notice can prevent helpers from inadvertently introducing risk through the remote connection – and with the right permissions, can afford them an opportunity to proactively resolve issues and bring a sharer's device into compliance. Additionally, real-time resolution of device compliance issues reduces future effort for both the employee and IT.

Remote help compliance warning allows IT helpdesk workers to mitigate risks

Administrators can trust the technology

In addition to the experience that sharers can trust, remote help is built on technology that IT administrators can trust, too. Role-based access controls (RBAC) within Endpoint Manager for remote help allow IT to determine, for example, which helpers can help which user groups, or to grant view-only permissions. Granular control over geography, department, and responsibility makes creating tiered service roles easier and more efficient for admins and helps maintain security.

Remote help also enables secure connections to be initiated from within Endpoint Manager so that IT administrators and helpers can take proactive remediation steps based on having visibility and control of their end user computing landscape in one place.

Remote help reporting offers insights into helper effectiveness, endpoint health, and helps identify suspicious activity. Data about session duration, devices, and participants can help surface trends or help with investigating anomalies.

The depth of administrative and reporting features in remote help, in addition to the emphasis on device compliance and security, replaces 'make-do' solutions and workarounds: remote help is designed to be enterprise-grade.

As part of today's announcement and plan to launch premium endpoint management solutions, we created a new centralized experience to make it easier to learn about remote help and other premium add-ons as they become available. From there, Global or Billing administrators will be able to get started with a trial or add licenses in the Microsoft 365 admin center and come back to the Endpoint Manager admin center centralized Premium add-on page any time to check on the status of their trial or subscription. 

Learn more about premium add-ons from a centralized experience in the Endpoint Manager admin center, starting with remote help

Businesses can trust the value

Now generally available, remote help is available to organizations that are licensed for Microsoft Intune and obtain a trial or add-on license for each user. When evaluating the questions about remote assistance tools above – and comparing the answers provided by remote help – the value is clear:

  • Remote help is integrated into Endpoint Manager for both cloud and co-managed endpoints that eases adoption, administration 
  • Supports enrolled and unmanaged devices, Windows 365 Cloud PC and Azure Virtual Desktops
  • Permission-based controls scoped for IT helpdesk roles, department, and geography
  • Azure Active Directory integration that enables user trust based on their corporate identity
  • Device compliance checks prior to securing the connection mitigate risk and create opportunities to proactively remediate vulnerabilities in real time, taking that burden away from employees

Since remote help launched in preview, customers shared insights and provided feedback which informed how we will continue to evolve remote help to meet enterprise needs. One example of this is the evolution of the experience for helpers to use their credentials to perform administrative tasks in real-time – feedback revealed opportunities to improve the experience while maintaining security – and these insights will be incorporated in an upcoming release of Endpoint Manager, see the FAQ below for more details. Another example is the need for remote help to be available across platforms, particularly to address the growing need to support the endpoints for frontline workers. We are pleased to announce that we will extend remote help to Android devices in a future release.

Our vision is to enable organizations to consolidate their mission-critical endpoint management and security tools into a single solution. Remote help for Windows is the first of our new premium endpoint management solutions. We look forward to hearing more from our customers about what they think of the new centralized experience in Endpoint Manager and how remote help has simplified the way they manage, protect, and modernize their end user computing landscape. Be sure to watch this Microsoft Mechanics video about using remote help for co-managed endpoints.

You can also learn more from the keynote and breakout sessions at the digital event, Windows Powers the Future of Hybrid Work, as well as the articles and resources provided below.

Further reading

Frequently asked questions

What are the requirements to use remote help?

  • License for Microsoft Intune as part of Enterprise Mobility + Security E3/5, Microsoft 365 E3/5, or F3/5 or standalone
  • Add-on license for remote help for users and helpers
  • Windows 10/11 including Windows 365 Cloud PC
  • The remote help app for Windows

How is remote help different from Remote control in Endpoint Configuration Manager?
Remote help is a cloud-based solution that lets you help users, no matter where they are, even on bring-your-own or unmanaged devices.

Remote help is tightly integrated into Endpoint Manager, including providing role-based access control. Remote control does not have controls tied to different IT (administrator, security, helpdesk) roles.

Remote help provides a user experience that helps build trust between the helper and sharer by showing their Azure Active Directory (Azure AD) profile picture, full name, job title, company, and verified domain to each other to ensure that the person helping you can be trusted, based on strong authentication to the app.

Remote help uniquely ties into compliance, asserting to the helper if the device they are connecting to is non-compliant, so they can make informed security decisions.

In the future, remote help will be cross-platform. Android will be the next platform to be supported, which will help organizations address the needs of people using Android devices, such as frontline workers.

Is remote help dependent on Azure Active Directory (AAD) as an identity solution?
Remote help uses modern authentication through Azure AD for strong authentication and security, which helps build trust. It ties into the role-based access control engine in Endpoint Manager, which ensures that the right people are helping the right users with the right permissions. Azure AD can also provide key security capabilities such as multifactor authentication.

Are there known limitations?
  • For unenrolled devices, auditing and reporting about remote help sessions is limited.
  • When enabled, remote help is enabled tenant-wide; both the helper and the user need to be in the same organizational tenant to establish remote help connections.
  • Remote help is not available to customers in the Government Community Cloud (GCC).
  • Remote help automatically logs the helper off after a remote help session if session elevation privileges were available, regardless of whether the helper used their credentials to perform administrative tasks.

 

Why are you charging extra for remote help? What is the price of remote help?
Remote help is a cloud-based, enterprise-grade solution integrated into Endpoint Manager with functionality that is available to organizations from providers in the market at an additional cost. The price for the remote help add-on from Microsoft is $3.50 per user per month.

Integrated into Endpoint Manager, Microsoft customers with licenses for Microsoft 365 E3 or E5 plans that include Microsoft Intune can purchase the add-on for remote help.

What if my organization has been using remote help in preview, what happens now that it's generally available?
Organizations using remote help in public preview have a 30-day grace period to evaluate options to either start a trial of remote help or purchase licenses for their users. Organizations can learn more details or add licenses through the Endpoint Manager admin center and use the process they are familiar with in Microsoft 365 admin center to add licenses. Organizations should also upgrade to the latest version of the remote help app to ensure they have the latest feature and security updates. To learn how, visit https://aka.ms/RemoteHelpDocs.

How do I add licenses for remote help?
Administrators can learn about remote help in the Premium Add-on centralized experience in Endpoint Manager. Global or Billing administrators can then start a trial or purchase licenses through the Microsoft 365 admin center. This allows them to add the licenses they need for remote help and come back to Endpoint Manager anytime to view the status of their subscription.

When remote help for Android is available, will the license price change?
No, we do not plan to change the price of the license for remote help when we add more platforms or functionality.

 

[1] Source: Microsoft 2022 Work Trend Index Annual Report



 

Posted at https://sl.advdat.com/3uazYzl