Intune RBAC Configuration for Remote Help Assistance Tool

Let’s learn how you can configure Intune RBAC to enable Remote Help and manage the permissions and actions of helpdesk associates during remote assistance sessions. Remote help is a cloud-based remote assistance solution that will empower helpdesks to support users of Windows devices more securely.

With the introduction of role-based access controls for remote help in Microsoft Intune, admins gain the ability to configure parameters and define permissible actions during remote help sessions based on the role of the helpdesk associate.

In Microsoft Intune, administrators can establish permissions to restrict sessions to view-only mode, grant the associate full control over a user’s device, or authorize the associate to enter administrative credentials for executing specific actions, commonly referred to as elevation.

By leveraging these permissions, administrators can exercise precise control over remote assistance activities, ensuring security and aligning with organizational requirements. In case none of these roles align with your specific requirements, you have the option to create custom Intune roles tailored to your scenario.

Patch My PC

Role-based access control (RBAC) enables Intune Administrators to manage and regulate the permissions granted to individuals for different Intune tasks within your organization. There is a set of twelve (12) predefined Intune roles available, known as RBAC roles.

Intune RBAC Configuration for Remote Help

The following steps help you to configure RBAC for Intune Remote help application, which is based on Quick Assist. This application helps to remove security concerns with the Quick Assist app. You can follow the guide to Install Intune Remote Help Application with Intune.

Adaptiva
Intune RBAC Configuration for Remote Help Assistance Tool Fig.1
Intune RBAC Configuration for Remote Help Assistance Tool Fig.1

In the All roles, you will find all the built-in roles, and created custom roles available in the tenant. The Help Desk Operators built-in role performs remote tasks on users and devices and can assign applications or policies to users or devices.

Intune RBAC Configuration for Remote Help Assistance Tool Fig.2
Intune RBAC Configuration for Remote Help Assistance Tool Fig.2

By default, the built-in Help Desk Operator role sets all of these permissions to Yes. You can use the built-in role or create custom roles to grant only the remote tasks and Remote Help app permissions that you want different groups of users to have.

Intune RBAC Configuration for Remote Help Assistance Tool Fig.3
Intune RBAC Configuration for Remote Help Assistance Tool Fig.3

In Endpoint Manager All roles, Click on Create and select Intune role from the appeared options.

Intune RBAC Role Configuration Fig.4
Intune RBAC Role Configuration Fig.4

On the Basics page, enter a name and description for the custom role, then choose Next. To modify the roles associated with a particular category, navigate to the “Permissions” page. When creating custom roles, you can enable the relevant permissions by selecting “Remote Help app” and toggling the switch to “Yes” to select the appropriate roles.

The following Intune RBAC permissions manage the use of the Remote Help app. Set each to Yes to grant the permission:

PermissionConfigureDescriptions
Take full controlYes/NoTake full control allows the helper to view and control the sharer’s device when remote help is enabled.
View screenYes/NoView screen allows the helper to view the sharer’s device when remote help is enabled.
ElevationYes/NoElevation allows the helper to enter UAC credentials when prompted on the sharer’s device when remote help is enabled. Enabling elevation also allows the helper to view and control the sharer’s device when the sharer grants the helper access.
Table 1 – Custom Role for Remote Help App
Intune RBAC Role Configuration Fig.5
Intune RBAC Role Configuration Fig.5

You can duplicate built-in roles to create, edit, or assign Intune roles. Here’s how you can duplicate Intune RBAC Roles. You can assign a built-in or custom role to an Intune user, choose the created role you want to assign > Assignments > + Assign.

Author

About Author – JiteshMicrosoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.