Quick assist is a built-in remote control app in Windows 10 intended for home and personal use, that is at least my opinion. Many don’t even know that it exists and for an enterprise we really need to manage it = remove it or block it.
I wrote a blog post about it here at 4Sysops a while back https://4sysops.com/archives/remote-control-windows-10-with-quick-assist/ more details on Quick assist can be found there including on how to remove it using PowerShell.
Quick assist works extremely well through firewalls as the session is initiated by the user that will be remote controlled, the traffic is proxied through Microsoft Servers and URL’s and uses HTTPS/443.
Why not use it for remote control within a company when it sounds great?
We are missing features like:
- Logging, when, by whom and from where was the machine remote controlled (Remote assistance have this today)
- UAC support
- Multiple Monitor support
- Clipboard sharing support
Because it lacks logging and control of who can remote control that machine, anyone with an MSA or AAD account can call a user and provide them with a 6-digit code and remote control the machine. That is not something that is allowed by my customers that’s for sure. Many customers uninstall TeamViewer automatically but they don’t handle QuickAssist and even know it is there in many cases.
Quick assist can be removed by deploying a PowerShell script using Intune as well that removes the “Capabiltiy” that Quick Assist is in Windows 10. The script needs to consist of the following command.
Remove-WindowsCapability -online -name App.Support.QuickAssist~~~~0.0.1.0
Then we add it as a PowerShell script in Intune.
That way we can remove Quick assist from our machines managed by Intune.
Please vote for the Windows Feedback item to add the features we are missing, so we don’t have to remove it!
It can be found here: aka.ms/AA47hta