Remote Support Overview

4 min. readlast update: 08.30.2024

What is Remote Support?

Remote Support is part of the Secure Remote Access product by Admin By Request, that allows you to share screens and remotely control devices inside of your Admin By Request inventory, while using all of the well-known features of the Admin By Request ecosystem, such as: inventory, auditlog, settings and sub-settings, approval flows etc.

Remote Support allows either end users or IT admins to initiate a secure, just-in-time, remote support session – allowing them to share and control the end-user's device – and tear everything down once the session is done – eliminating any access points for bad actors.

Prerequisites

In order to use the full power of Remote Support, there are a few requirements:

  • Access to the portal at https://www.adminbyrequest.com/Login

  • Admin By Request for Windows 8.4.0, Build 31936+ on each client

  • Admin By Request API - port 443 for the following:

    • 137.117.73.20 (if your data is located in the USA)

    • 104.45.17.196 (if your data is located in Europe)

    • api.adminbyrequest.com

    • api1.adminbyrequest.com

    • api2.adminbyrequest.com

    • macapi1.adminbyrequest.com

    • macapi2.adminbyrequest.com

  • MQTT broker connectivity - port 8883 for the following:

    • FastTrackHubEU1.azure-devices.net

    • FastTrackHubUS1.azure-devices.net

  • For Unattended Access, RDP needs to be enabled on port 3389 on the device

  • The endpoint needs to be enrolled with an Admin By RequestSecure Remote Access license.

The following might also be required:

  • The endpoint needs to allow communication with the Admin By Request MQTT broker and API (ports 443 and 8883), as well as Cloudflare's endpoints on port 7844 for the following:

    • region1.v2.argotunnel.com

    • region2.v2.argotunnel.com

And for firewalls that enforce Server Name Indication (SNI):

    • cftunnel.com

    • h2.cftunnel.com

    • quic.cftunnel.com

Refer to https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/tunnel-with-firewall/ for more information on Cloudflare's "tunnel with firewall" configuration.

How does Remote Support work?

Remote Support is based on the same gateway concept as the Unattended Access gateway, which is also part of the Admin By RequestSecure Remote Access product. It allows a just-in-time setup between the gateway and the endpoint by establishing a secure Cloudflare tunnel.

Once the tunnel is established, a just-in-time server session is created on the endpoint – allowing for screen sharing and remote control via the browser.

Once the session is terminated or expires, the tunnel and the server session are terminated, leaving the endpoint in the same state as before the remote support session.

The setup is fully cloud-based and does not require any on-premise setup besides what’s mentioned in the prerequisites:


The flow for a Remote Support session can be initiated either by an end user or by an IT administrator via the portal .

End user initiated
  • The end user requests a Remote Support session from their endpoint – providing a reason for the request.

  • The IT admin approves (or denies) the request via the Admin By Request portal.

IT admin initiated
  • The IT admin navigates to a specific device in the Admin By Request portal inventory and clicks Support on the relevant endpoint to initiate a remote support session.

  • The end user is asked to approve the incoming Remote Support session from the IT admin.

  • Upon approval, a secure Cloudflare tunnel is initiated between the Admin By Request gateway and the endpoint and a just-in-time server session is created on the endpoint.

  • The IT admin is now connected to the endpoint via the secure tunnel and the remote support session commences.

Once the session is terminated – or expires – the session server and the tunnel are terminated.

The session is logged in the audit log in the Admin By Request portal, allowing for the IT admin to access documentation about each remote support session – as well as download a recording of each session (if recording is enabled).

Based on the settings, each Remote Support session can be adapted with various security and compliance features like: Multi-Factor Authentication (MFA), view-only access, session expiration and session recording.

Was this article helpful?