This content has been retired and may not be updated in the future. The product, service, or technology mentioned in this content is no longer supported.
Your Microsoft Managed Desktop users can get support either from your organization ("customer-led" support) or from a selected partner ("partner-led" support).
We aim to provide a consistent experience for users while keeping devices secure with both support options. No matter which option you choose, these same principles apply:
Flexible integration of Microsoft Managed Desktop devices with your existing support processes.
Clear roles and responsibilities between the support provider, IT admins, and Microsoft Managed Desktop.
Documentation provided by Microsoft Managed Desktop, along with a portal, where you can request elevated device access and escalation to our support staff, if needed.
Threat monitoring and mitigation provided by Microsoft Managed Desktop all day every day.
Roles and responsibilities
To ensure the quality of service without compromising security, the support provider, IT admins, and Microsoft Managed Desktop have different roles and responsibilities.
Role
Responsibilities
Support provider
Whoever provides support (either you for customer-led support or a partner for partner-led) is responsible for these items:
Provide all user support and technical assistance from first contact through to resolution for the user.
Fulfill all service-level agreements for user support established by your organization, or in partnership with your chosen support provider.
Perform specific remediation actions, such as requesting elevated device privileges as described in Elevation requests.
Remediate user problems including:
Operating system (Windows)
Microsoft Apps for enterprise
Browser features
Device problems
Problems with infrastructure, such as printers, drivers, and VPNs
Line-of-business applications
IT admin
Your IT admin is responsible for these items:
Work with the support provider to set and manage service level agreements for user support
Manage elevated access privileges for approved support staff. For more information, see Turn on user support features.
Route hardware-related issues to the appropriate vendor or supplier.
Maintain and protect device security policy settings on Microsoft Managed Desktop devices. Don't change the policies we set.
Microsoft Managed Desktop
As the service provider, we're responsible for these items:
Provide the means for elevated device access and issue escalation including documentation.
Keep this information about the roles and responsibilities current.
Respond to admin support requests in accordance with the severity definitions.
Provide threat monitoring and mitigation for all enrolled devices all day every day.
Escalation paths
Whether support is customer-led or partner-led, the flow of activity for a user support request follows this path:
Integrating your existing processes with this workflow for Microsoft Managed Desktop devices is flexible, so the details could be different. Typically, the support provider follows an existing tier-based or handoff approach. The support provider designates specific users, who have the ability to elevate permissions or escalate issues, to Microsoft Managed Desktop Operations. It's best to keep this group smaller than the broader support team.
If an issue must be escalated to Microsoft Managed Desktop, it's helpful to identify which team the issue should be directed to. We can transfer cases appropriately, but it saves time to route them to the right place from the start.
Problem
Contact this team
Problems specific to Microsoft Managed Desktop
For example, a policy or setting that's deployed by the service itself. Escalate directly to the Operations team by creating a new support request. For more information, see escalation request.
Hardware problems
Direct to your hardware supplier or vendor.
Other problems
Escalate through existing support channels, whether that's a Unified or Premier subscription.
Support framework
Note
These support options are not available for devices in the Test group.
Elevation portal
Since Microsoft Managed Desktop devices run on standard user by default, some tasks require elevation of privileges. For more information about user account control, see User account control. In order for support staff to be able to perform tasks while fixing issues for users, we provide "just-in-time" access to an admin account. This password is accessed securely by only users you designate, and rotates every couple of hours.
If an issue requires escalation to the Microsoft Managed Desktop Operations team, designated support staff might direct similar to an IT admin support request.
Note
Only Sev C support requests can be filed in this manner. For an issue matching the description of other severities, it's recommended to contact the appropriate IT admin to file. For more info, see Support request severity definitions.
Ensure you've set up user support before you submit an elevation or escalation request.
If you've reached the point in the escalation path where you need to request elevated device access or escalation to Microsoft, use the following steps:
Submit an elevation request
Before you request elevated access to a device, it's best to review which actions are best suited.
Actions
Examples
Typical actions are intended for the elevation request process. It's performed routinely when fixing problems with Microsoft Managed Desktop devices.
Elevating built-in system fixes, the command prompt, or Windows PowerShell Troubleshooting line-of-business applications.
Using a workaround to correct something that should function by design (such as BitLocker activation or system time not updating).
Elevating Device Manager to do things like update drivers, uninstall a device, or scan for new changes.
Actions that aren't recommended
Installing software or browsers.
Installing drivers outside of Windows settings, including drivers for peripherals.
Installing .msi or .exe files.
Installing Windows features.
Actions that aren't supported
Installing software or features that conflict with Microsoft Managed Desktop security or management capabilities or operations.
Disabling a Windows feature that is required for Microsoft Managed Desktop, such as BitLocker.
In the Microsoft Managed Desktop section, select Devices, which contains two tabs: the Devices tab and the Elevation requests tab.
To create a new elevation request on the Device tab, select a single device that you want to elevate.
From the Device actions dropdown menu, select Request elevation. A new elevation request fly-in will appear with the device’s name pre-populated in that field.
Instead, to create a new elevation request in the Elevations requests tab, select +New elevation request.
Provide these details:
Support ticket ID: This is from your own support ticketing system.
Device name: This is only when creating request from the Elevation requests tab. Enter the device serial number and then select the device from the menu.
Category: Select the category that best fits your issue. If no option seems close, then select Other. It's best to select a category if at all possible.
Title: Provide a short description of the issue on the device.
Plan of action: Provide the remediation steps you plan to take once elevation is granted.
Select Submit.
The list and details of all active and closed requests can be seen on the Elevation requests tab.
In the Microsoft Managed Desktop section, select Service requests.
In the Service requests section, select + New support request.
Provide a brief description in the Title field. Then, set the Request type to Incident.
Select the Category and Sub-category that best fits your issue. Then, select Next.
In the Details section, provide the following information:
Description: Add any extra details that could help our team understand the problem. If you need to attach files, you can do that by coming back to the request after you submit it.
Primary contact information: Provide information about how to contact the main person responsible for working with our team.
Provide as much information about the request as possible to help the team respond quickly. Depending on the type of request, you may be required to provide different details.
Review all the information you provided for accuracy.
Learn about how people and organizations can get the most out of their technology through Microsoft 365 support offerings and help improve Microsoft 365 services.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.