This article applies to TeamViewer customers with a Corporate or Tensor plan.
For connection to mobile devices, the AddOn plan Mobile Device Support is required for the Corporate plan.
Also, an Intune product license must be assigned to the Intune administrator account.
Introduction
The target of the TeamViewer-Intune integration is to enable IT Administrators to remotely administer an Intune-managed device; providing remote assistance to information workers.
Through the troubleshooting portal, Admins will:
- Remotely troubleshoot issues such as licensing, enrollment, and compliance issues even app installation failures.
- Perform remote tasks such as manage mobile apps, file transfer system logs, view device system information, monitor hardware performance including CPU utilization, RAM usage, and device storage information.
- Save time, cut travel costs for on-site, in-person service calls and maintenance
Audience
This document intends to address Intune IT Admins and Help Desk support staff.
Prerequisites
It is assumed that the reader is familiar with using Intune in Azure.
- Valid TeamViewer account with eligible license. To sign up, please visit: https://login.teamviewer.com
- Intune product license assigned to Intune administrator account.
- Adequate permissions. The Intune administrator in the Endpoint Manager admin center must have the following InTune roles:
- Update Remote Assistance: Allows administrators to modify the TeamViewer connector settings.
- Request Remote Assistance: Allows administrators to start a new remote assistance session for any user. Users with this role are not limited by any Intune role within a scope. Also, user or device groups assigned an Intune role within a scope can also request remote assistance.
- Microsoft Endpoint --> Tenant Administration --> Roles - All roles --> Intune roles – Permissions --> Remote tasks:
- Request Remote Assistance: Initiates a remote assistance session with a user's device by using TeamViewer. TeamViewer must be configured for your tenant. Remote assistance with TeamViewer supports Windows MDM managed PC's, Android PCs. HoloLens, Surface Hub and Windows 10 S devices are not supported.
Software Requirements & Supported devices
- Supported administrator platforms establishing outgoing connections via TeamViewer Full Client App: Windows, MacOS, Linux, iOS, Android.
- Supported information worker endpoint platforms allowing incoming connections via QuickSupport App are:
- Windows MDM managed PC's (Windows devices that are enrolled using "userless" methods, such as DEM and WCD, don't show the TeamViewer notification in the Company Portal app.)
- Android device administrator (DA)
- Android Enterprise personally owned devices with a work profile (BYOD) (dedicated and fully managed Android devices are not supported)
- MacOS
- iOS
HoloLens, Surface Hub and Windows 10 S devices are not supported.
The Company Portal App is required to receive/allow remote request. You cannot use the integration for devices managed with InTune app.
Key Features
The TeamViewer integration in Intune offers key features and workflows:
- Allowing IT admins to seamlessly initiate remote sessions in the Intune dashboard.
- Notifying Information workers of remote request via the Company Portal App.
- Supporting multiple, simultaneous tabbed sessions to Intune-managed devices.
- Mass deploying unattended access to Windows and Android devices.
- Securing all sessions using RSA public/private key exchange and AES 256-bit encryption.
The integration benefits administrators; streamlining remote administration when support cases surface and the TeamViewer Connector is pre-built into the Intune platform. No separate installation necessary!
About this manual
This manual describes how to enable the TeamViewer Connector and initiate the remote assistance request to Intune-Managed devices. It also provides an overview of the various features provided by the integration.
TeamViewer Client Installation
Administrators need to install the TeamViewer full client on their laptops. To install the TeamViewer App, follow the below steps:
1) Download the TeamViewer installer for your OS by invoking the following URL: https://www.teamviewer.com/en/download/
2) Run the downloaded application. Choose the “Basic Installation” option as shown below and then click the “Accept – Finish” button
3) In case the User Account Control dialog pops up, click the “Yes” button. TeamViewer installation will proceed and complete.
Enabling TeamViewer Connector
The TeamViewer integration in Intune is pre-built, only requiring the end user to enable the integration and link their TeamViewer account.
Please make sure prerequisites have been met.
To enable the TeamViewer integration:
- Users should go to set up the TeamViewer Connector, access devices, and create client apps.
- The TeamViewer Connector is located in Endpoint Manger Admin --> Tenant Administration --> Connectors and tokens --> Cross Platform --> TeamViewer Connector as shown in the screenshot below:
- Administrators will be redirected to TeamViewer to enter TeamViewer credentials and accept required permissions:
- Next, authorize Intune access to the TeamViewer account by choosing: ‘Log in to TeamViewer to authorize’:
- Authorized TeamViewer accounts will be redirected Microsoft Intune, requiring sign in with Microsoft credentials:
- Once successful, a confirmation message stating: ‘’ will display and the connection status showing green ‘Active’
If users experience an error message after this step, please ensure a proper Intune license is associated with the account. Please see the section ‘Prerequisites’ for further information.
Request Remote Assistance
To remotely administer an Intune managed device, administrators will need to select a device via Intune ‘Troubleshooting’ e.g. Microsoft Endpoint > Troubleshoot or ‘Devices’ e.g. Microsoft Endpoint > Devices. In this use case we will be requesting remote assistance to a user’s device through the Troubleshooting portal.
- The Intune troubleshooting portal can be used by Intune administrators to view information about a specific Intune user and assigned devices.
- Troubleshoot problems such as licensing, enrollment, and compliance issues even app installation failures.
- Also, School Administrators can manage Windows 10 / iOS devices in Intune for Education
- In the Azure portal select Intune, and in the Help & Support section, choose Troubleshoot.
- The IT help desk will select a user who has opened a support case
- Once IT select’s the problematic device, they can view the full dashboard listing the device status and initiate ‘New Remote Assistance Session’ to the user’s device by selecting ‘…More’ in top right corner.
- When the remote assistance session has been generated, ‘Start Remote Assistance’, will appear, bringing the Admin into the waiting portal until the end user accepts the request.
- On the remote side, the Company Portal App’s flag notification prompts the IW to accept the request and confirm to allow remote control.
📌Note: If TeamViewer is installed, the device will redirect to the installed application. If no TeamViewer is installed, the device will prompt to download the Quick Support version of TeamViewer to be able to make the connection with the device.
📌Please note:
- Remote assistance is for attended access requiring end user interaction.
- Remote sessions take place via TeamViewer QuickSupport App which is added in Intune>Client Apps as a LOB or Managed App.
- TeamViewer Host on Windows OS only will also accept remote assistance requests if already installed.
- The QuickSupport App and Add-On for mobile devices must be installed prior before a remote session can take place.
- If QuickSupport App is not installed prior to remote request, then end user will automatically be taken to App Store to download after accepting remote assistance.
Deploying TeamViewer MSI Package
TeamViewer offers an MSI deployment package to install TeamViewer Full Clients or Host modules to your entire network of Windows 10 devices silently, without IT staff leaving their desk or requiring manual actions from end users.
📌Please note:
- Deploying TV MSI packages does require a TeamViewer Corporate subscription and the TeamViewer full client is needed to view the managed device(s).
- If the Host is installed on users’s devices, IT admins can still request remote assistance with attended access, allowing the session to be passed through the Company Portal App.
When deploying the MSI as a Line-of-Business App, IT Admins can use command-line switches to:
- Apply the settings of a Custom Host automatically, including a specific settings policy
- Assign the installed host to an account, and
- Enable Easy Access for unattended access
Steps to deploy MSI package:
- As a prerequisite, we will need to enter the TeamViewer with the Master admin account or the account of the main TeamViewer administrator. Don’t have a Master admin account? See on why and how you can use one for TeamViewer configuration and central administration.
- On the left side of the screen, choose the Design & Deploy section. Then, in the top right corner of the page click the button titled Add Host. In the drop-down menu that appears, choose Host.
In the configuration screen, you can customize the Host module. The following visual customizations are available for your customized Host:
- Title: Lets you edit the window title.
- Text: Lets you edit the welcome text in the main window.
- Logo: Select your own logo, which will be displayed in the top part of the main window.
- Text color: Lets you edit the font color. Click in the left field to display a color box and select a color.
- Background color: Lets you edit the background color. Click in the left field to display a color box and select a color.
Custom Host Settings
The following settings are available on the custom Host module:
- Name: Serves to identify the modules in the overview of your customized modules.
- Automatically add computers to a group in your Computers list: If the box is checked, every device on which the TeamViewer Host module is installed will be automatically added to the selected group within your Computers & Contacts list. Select a group for these devices from your Computers & Contacts list.
- Allow users to create a service request: If the box is checked, users of the TeamViewer Host module can start a service case for spontaneous support. For this, a Help me Button will be visible on the Host module when your customer opens the module. Select a group name for these computers in your Computers & Contacts list.
- Default assignee: You can select a default assignee for all service cases created with this customized Host
- Allow customer to initialize chat: A chat box appears in which your customers can send a message prior to the connection.
- TeamViewer policy: Assign a TeamViewer settings policy to the device. The settings defined within the policy are set for the module during installation.
- Allow account assignment via the Assignment Tool: Account assignment without confirmation will activate easy access automatically
- Once you have configured your custom Host to your liking, click the Save button in the lower-right corner. A dialog will appear with a custom download link for the EXE version of the Host, and an API token to be used during the MSI Deployment.
- Copy these items and document them for later use in your deployment. Once documented, click OK in the bottom-right corner to close the dialog and return to the Design and Deploy page.
- Back on the Design and Deploy page, you will see your new Custom Host in the list. Move your mouse over the row for the host and move to the right edge. Click the Edit button that appears to edit your custom Host settings.
- In the Edit dialog, there will be new information in the lower-right corner that will be needed for deployment. You may need to scroll the dialog to see it as pictured below. At the bottom of this section will be a line called the Configuration ID. This string will be needed for the MSI deployment command, so copy and document this string for later use
- You can then click the link titled Download MSI. This will download a ZIP file containing generic MSI installers for both the Host (TeamViewer_Host.msi) and the full Client (TeamViewer.msi).
- Now that the MSI file and the deployment parameters are available, we can move to create the package in Intune.
- In the Intune dashboard, we navigate to the Client Apps section, choose Add, and for App type select Line-of-Business App.
- Under App package file, open the file explorer and select the previously downloaded and extracted MSI file named TeamViewer_Host.msi. Configure details defining a description for the App, input TeamViewer as the trusted publisher, and most importantly paste the required command-line parameters.
Here is a recommended command-line to install the custom Host created earlier in this article. Replace %YOURAPITOKEN% and %YOURCUSTOMCONFIGID% with the API token and Configuration ID you previously saved and documented:For unattended Access please add the parameter like below
/qn CUSTOMCONFIGID=%YOURCUSTOMCONFIGID% APITOKEN=%YOURAPITOKEN% ASSIGNMENTOPTIONS="--grant-easy-access"
More deployment details, installation switches, and options are available in our full MSI deployment article at this link.
- After saving the parameter, manage the assignment as ‘required’ to silently force the installation, select group of devices and confirm all changes have been saved.
- Then save the app and the devices will start to install.
- Monitoring the installation status; confirming the deployment was successful, we cross-reference the device’s hostname and secure unattended access from the TeamViewer full client.
Video demonstrations below:
Mass Deploy Android Host
Through Intune’s EMM system - supporting App Configuration Policies for Managed Apps, Admins can deploy the TeamViewer Host App to support Android phones and tablets. Devices include Samsung, Asus, Honeywell, Caterpillar, Lenovo, Sony and more…. Please check the following Community article for a list of supported devices and Add Ons.
Once the Android Host is deployed, in addition to remote view & remote control, TeamViewer enables chat support, secure file transfer, viewing system information and the ability to stop or uninstall problematic Apps. Admins can now benefit with the ability to access unattended devices used as POS systems or Kiosks.
Deploy Android Host:
- As a prerequisite, we will need to enter the TeamViewer with the Admins account.
- Navigate to top right corner and choose ‘Add Android Host’
- In the configuration, screen define a name for the module and select a group where the managed device will display. Make sure to copy the configuration link after saving the module for later steps.
- Navigate to Endpoint Manager --> Tenant Administration --> Android -> Managed Google Play to make sure you have linked your managed Google Play account to Intune, granting permission to send both user and device information to Google.
- open Managed Google Play store
- In the Play Store the Admin will search for the TeamViewer Host App and make sure it is approved as a Managed App along with any other Add Ons specific to your devices to allow the full control feature.
- Once synchronized the Managed App will appear in the Intune dashboard and the Admin will verify the required App is assigned to a group containing the intended devices for deployment.
- Using our saved ConfigID from previous step 3, add an App Config Policy including the name, description and Managed device as an enrollment type.
- After choosing Android as the platform and selecting the associated App, configure permissions using the configuration designer or JSON editor.
- In this example we use the configuration designer adding the value type as ‘string’ and paste the ConfigID as the configuration value.
There are other options in the Configuration Designer, this is out of the scope of this article. Tensor Licensed customers may refer to an article in that KB for more information.
Lastly assign the scope to the same group of mobile devices that was in scope of the mobile app deployment.
- The Host will install as a Managed App under a work profile
- Opening the TV Full Client, we select the assigned group, double click the managed device and perform remote administration.
⚠Important: Please make sure that default ‘Device Type Restrictions’ is not blocking ‘Android work profile’ and the permissions is configured to ‘Allow’
Video demonstrations below:
Further reading:
