Microsoft remote management tools without third-party

Sam Oz 21 Reputation points

Hi, my organization is moving to Azure cloud-only and I'm looking at the best remote-assistance/admin tools. There is a spread of Windows 10 PCs between home and office locations. We have the Microsoft 365 E5 license and we are rolling out the Endpoint solution for device management.

I am looking at Microsoft's offerings here:

Remote Help looks good for basic admin but requires the user to initiate the session. So the gap I have is an Unattended Access solution for PC administration. I've used TeamViewer and Solarwinds in the past and they are great, but they are costly, and was hoping the E5 license would cover me.

I realise Remote Desktop is an option but is that a security risk? Or maybe it gets blocked by home networks.

In the link above Remote Control (ConfigMgr) ticks all the boxes. So is this tool recommended? Does it require special ports? Can it be installed on clients without a Server infrastructure?


Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,217 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,697 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,271 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jason Sandys 31,146 Reputation points Microsoft Employee

    Remote Control in ConfigMgr does not work for Internet connected systems or with a CMG.

    We have a work item to investigate added unattended control to Remote Help (no commitment or timeline though).

    Not that this is truly pertinent to the question, but the CMG role itself does not in any way require anything on-prem AD wise however, the CMG is part of ConfigMgr and the COnfigMgr infrastructure servers must be members of an on-prem AD domain.

    Thus, if you must truly control systems connected by the Internet where no user is present, today, you must rely on a third party solution.

1 additional answer

Sort by: Most helpful
  1. Sam Oz 21 Reputation points

    I've done further research and it appears Microsoft doesn't have a solution for Unattended remote access in an Azure AD Cloud Only environment to manage "working from home" Windows devices.

    The Cloud Management Gateway (CMG) appears to require an On-Premise AD.

    0 comments No comments