{
	"id": "4e381580-f33d-4125-a04f-507ad243b8e1",
	"created_at": "2026-04-06T00:11:05.431506Z",
	"updated_at": "2026-04-10T03:21:34.323599Z",
	"deleted_at": null,
	"sha1_hash": "4ec412fc7416737cdba7c9c5a42adcfd41f93572",
	"title": "Use Quick Assist to help users",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 97382,
	"plain_text": "Use Quick Assist to help users\r\nBy officedocspr5\r\nArchived: 2026-04-05 21:07:23 UTC\r\nQuick Assist is an application that enables a person to share their Windows or macOS device with another person\r\nover a remote connection. Your support staff can use it to remotely connect to a user's device and then view its\r\ndisplay, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues,\r\nand provide instructions to users directly on their devices.\r\nImportant\r\nLearn how to protect yourself from tech support scams. Tech support scams are an industry-wide issue where\r\nscammers use scare tactics to trick you into unnecessary technical support services. Only allow a Helper to\r\nconnect to your device if you initiated the interaction by contacting Microsoft Support or your IT support staff\r\ndirectly.\r\nIf you or someone you know has been affected by a tech support scam, use the technical support scam form to\r\nreport it.\r\nImportant\r\nIf your organization uses Quick Assist within a single Microsoft Entra tenant, consider switching to Intune\r\nRemote Help for enhanced security and enterprise-grade controls. Remote Help offers several security advantages\r\nover Quick Assist:\r\nConditional Access Enforcement: Ensures only compliant and trusted devices can initiate or receive\r\nremote sessions.\r\nRole-Based Access Control (RBAC): Limits who can provide remote assistance based on assigned roles\r\nin Intune.\r\nSession Logging and Auditing: Captures detailed logs of remote sessions for compliance and forensic\r\nreview.\r\nData Sovereignty and Tenant Isolation: Guarantees that all remote sessions occur within your tenant\r\nboundary, reducing risk of cross-tenant exposure.\r\nIntegration with Microsoft Defender for Endpoint: Enables threat detection and response during remote\r\nsessions.\r\nThese features make Remote Help a better fit for enterprise environments that require secure, auditable, and\r\npolicy-driven remote support.\r\nTo use Quick Assist, both parties must have internet access that allows communication over HTTPS and that can\r\nreach the required Microsoft service endpoints. No roles, permissions, or policies are involved. Neither party\r\nneeds to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 1 of 6\n\nThe helper can authenticate when they sign in by using a Microsoft account (MSA) or Microsoft Entra ID. Local\r\nActive Directory authentication isn't currently supported.\r\nQuick Assist communicates over port 443 (https) and connects to the Remote Assistance Service at\r\nhttps://remoteassistance.support.services.microsoft.com by using the Remote Desktop Protocol (RDP).\r\nThe traffic is encrypted with TLS 1.2. Both the helper and sharer must be able to reach these endpoints over port\r\n443:\r\nDomain/Name Description\r\n*.aria.microsoft.com\r\nAccessible Rich Internet Applications (ARIA)\r\nservice for providing accessible experiences to\r\nusers.\r\n*.cc.skype.com Required for Azure Communication Service.\r\n*.events.data.microsoft.com\r\nRequired diagnostic data for client and services\r\nused by Quick Assist.\r\n*.flightproxy.skype.com Required for Azure Communication Service.\r\n*.live.com Required for logging in to the application (MSA).\r\n*.monitor.azure.com\r\nRequired for telemetry and remote service\r\ninitialization.\r\n*.registrar.skype.com Required for Azure Communication Service.\r\n*.support.services.microsoft.com Primary endpoint used for Quick Assist application\r\n*.trouter.skype.com\r\nUsed for Azure Communication Service for chat\r\nand connection between parties.\r\naadcdn.msauth.net\r\nRequired for logging in to the application\r\n(Microsoft Entra ID).\r\nedge.skype.com\r\nUsed for Azure Communication Service for chat\r\nand connection between parties.\r\nlogin.microsoftonline.com Required for Microsoft sign-in service.\r\nremoteassistanceprodacs.communication.azure.com\r\nUsed for Azure Communication Service for chat\r\nand connection between parties.\r\nturn.azure.com Required for Azure Communication Service.\r\nImportant\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 2 of 6\n\nQuick Assist uses Edge WebView2 browser control. For a list of domain URLs that you need to add to the allow\r\nlist to ensure that the Edge WebView2 browser control can be installed and updated, see Allow list for Microsoft\r\nEdge endpoints.\r\nEither the support staff or a user can start a Quick Assist session.\r\n1. Support staff (\"helper\") and the user (\"sharer\") can start Quick Assist in any of a few ways:\r\nType Quick Assist in the Windows search and press ENTER.\r\nPress CTRL + Windows + Q.\r\nFor Windows 10 users, from the Start menu, select Windows Accessories, and then select Quick\r\nAssist.\r\nFor Windows 11 users, from the Start menu, select All Apps, and then select Quick Assist.\r\n2. In the Help someone section, the helper selects the Help someone button. The helper might be asked to\r\nchoose their account or sign in. Quick Assist generates a time-limited security code.\r\n3. Helper shares the security code with the user over the phone or with a messaging system.\r\n4. The sharer enters the provided code in the Security code from assistant box under the Get help section,\r\nand then selects Submit.\r\n5. The sharer receives a dialog asking for permission to allow screen sharing. The sharer gives permission by\r\nselecting the Allow button and the screen sharing session is established.\r\n6. After the screen sharing session is established, the helper can optionally request control of the sharer's\r\nscreen by selecting Request control. The sharer then receives a dialog asking them if they want to Allow\r\nor Deny the request for control.\r\nNote\r\nIn case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used\r\nduring the session.\r\n1. Both the helper and the sharer start Quick Assist.\r\n2. The helper selects Help someone. Quick Assist on the helper's side contacts the Remote Assistance Service\r\nto obtain a session code. An RCC chat session is established, and the helper's Quick Assist instance joins it.\r\nThe helper then provides the code to the sharer.\r\n3. After the sharer enters the code in their Quick Assist app, Quick Assist uses that code to contact the\r\nRemote Assistance Service and join that specific session. The sharer's Quick Assist instance joins the RCC\r\nchat session.\r\n4. The sharer is prompted to confirm allowing the helper to share their desktop with the helper.\r\n5. Quick Assist starts RDP control and connects to the RDP Relay service.\r\n6. RDP shares the video to the helper over https (port 443) through the RDP relay service to the helper's RDP\r\ncontrol. Input is shared from the helper to the sharer through the RDP relay service.\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 3 of 6\n\nMicrosoft logs a small amount of session data to monitor the health of the Quick Assist system. This data includes\r\nthe following information:\r\nStart and end time of the session\r\nErrors arising from Quick Assist itself, such as unexpected disconnections\r\nFeatures used inside the app such as view only, annotation, and session pause\r\nNote\r\nNo logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or\r\nkeystrokes that occur in the session.\r\nThe sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information\r\nabout them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days.\r\nIn some scenarios, the helper does require the sharer to respond to application permission prompts (User Account\r\nControl), but otherwise the helper has the same permissions as the sharer on the device.\r\n1. Download the new version of Quick Assist by visiting the Microsoft Store.\r\n2. In the Microsoft Store, select View in store, then install Quick Assist. When the installation is complete,\r\nInstall changes to Open.\r\nFor more information, visit Install Quick Assist.\r\nTo deploy Quick Assist with Intune, see Add Microsoft Store apps to Microsoft Intune.\r\nThe Microsoft Edge WebView2 is a development control that uses Microsoft Edge as the rendering engine to\r\ndisplay web content in native apps. The new Quick Assist application is developed using this control, making it a\r\nnecessary component for the app to function.\r\nFor Windows 11 users, this runtime control is built in.\r\nFor Windows 10 users, the Quick Assist Store app detects if WebView2 is present on launch and if\r\nnecessary, installs it automatically. If an error message or prompt is shown indicating WebView2 isn't\r\npresent, it needs to be installed separately.\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 4 of 6\n\nFor more information on distributing and installing Microsoft Edge WebView2, visit Distribute your app and the\r\nWebView2 Runtime.\r\nQuick Assist for macOS is available for interactions with Microsoft Support. If Microsoft products on your\r\nmacOS device aren't working as expected, contact Microsoft Support for assistance. Your Microsoft Support agent\r\nwill guide you through the process of downloading and installing it on your device.\r\nNote\r\nQuick Assist for macOS is not available outside of Microsoft Support interactions.\r\nIf your organization utilizes another remote support tool such as Remote Help, disable or remove Quick Assist as\r\na best practice, if it isn't used within your environment. This prevents guests from using Quick Assist to gain\r\naccess to devices within your organization.\r\nTo disable Quick Assist, block traffic to the https://remoteassistance.support.services.microsoft.com\r\nendpoint. This is the primary endpoint used by Quick Assist to establish a session, and once blocked, Quick Assist\r\ncan't be used to get help or help someone.\r\nNote\r\nBlocking the endpoint will disrupt the functionality of Remote Help, as it relies on this endpoint for operation.\r\nRun the following PowerShell command as Administrator:\r\nGet-AppxPackage -Name MicrosoftCorporationII.QuickAssist | Remove-AppxPackage -AllUsers\r\nNavigate to Settings \u003e Apps \u003e Installed apps \u003e Quick Assist \u003e select the ellipsis (…), then select Uninstall.\r\nBefore joining a session, it's important for you to know who you are connecting to. Anyone that has control over\r\nyour device can perform actions on your device, and potentially install malicious applications or take other actions\r\nthat can damage your device.\r\nFollow these best practices for using Quick Assist or any remote desktop software:\r\nNever allow a connection to your device by someone claiming to be \"IT Support\" unless you initiated the\r\ninteraction with them.\r\nDon't provide access to anyone claiming to have an urgent need to access your device.\r\nDon't share credentials to any websites or applications.\r\nNote\r\nMicrosoft will never contact you through unsolicited emails, phone calls, or other methods to request access to\r\nyour device. Microsoft will only request access to your device if you have contacted us and directly requested help\r\nwith solving an issue you are experiencing. If you need customer service support from Microsoft, please visit\r\nMicrosoft Support.\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 5 of 6\n\nIf you suspect that the person connecting to your device is being malicious, disconnect from the session\r\nimmediately and report the concern to your local authorities and/or any relevant IT members within your\r\norganization.\r\nIf you or someone you know has been affected by a tech support scam, use the technical support scam form to\r\nreport it.\r\nIf you have any problems, questions, or suggestions for Quick Assist, contact us by using the Feedback Hub app.\r\nSource: https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nhttps://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist"
	],
	"report_names": [
		"quick-assist"
	],
	"threat_actors": [],
	"ts_created_at": 1775434265,
	"ts_updated_at": 1775791294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4ec412fc7416737cdba7c9c5a42adcfd41f93572.pdf",
		"text": "https://archive.orkl.eu/4ec412fc7416737cdba7c9c5a42adcfd41f93572.txt",
		"img": "https://archive.orkl.eu/4ec412fc7416737cdba7c9c5a42adcfd41f93572.jpg"
	}
}