Hello @Jason-MSFT
Maybe there are some direct endpoint addresses that we could add to our firewall as exceptions that don't contain asterisks (*)?
Hello @Jason-MSFT
After some testing we discovered that after I un-join the workstation from the domain, the Remote Help app starts working.
Also, when the Remote Help app is installed, Event Viewer (System) shows this error:
Update: Also, for testing I moved the workstation to an OU and disabled inheritance, then forced gpupdate, but no result.
Hello @Jason-MSFT
I tested all GPOs and found out that this is not the problem.
I installed the Remote Help app on a workstation just joined to the domain that is managed by SCCM (if I run dsregcmd /status, it shows Azure AD joined: No). After that, Remote Help is working.
After I put the workstation into the pilot collection, it becomes hybrid Azure AD joined. If the device state is AzureADJoined:YES, the Remote Help app stops working.
Is the Remote Help app supported with co-management? I didn't find any resources related to this.
@Jason-MSFT I'm testing the Remote Help app on a co-managed device, which has workloads from Intune.
The only policy that I applied from Intune to this device is a compliance policy, and the device is compliant in Intune.
There are no Intune policies deployed that are blocking anything.
But I will check this later. Thank you.
Hello @Jason-MSFT
I did an investigation in our Intune and Azure AD. I couldn't find any clues that something could block RemoteHelpApp.exe.
Our Azure AD and Intune are quite new and fresh.
What could be causing this app to be blocked?
RemoteHelpApp is deployed via Intune to a co-managed device. Other Win32 apps and LOB apps that are deployed are working just fine.
Hello @LimitlessTechnology-2700
Basically, the workstation has BitLocker enabled during the SCCM TS. I also have a command that adds a registry record saying that encryption should be XTS-AES-128, so that the BitLocker policy would apply without errors.
After the policy applies and the machine policy cycle is initiated, the workstation should see that it is encrypted and perform key escrow to the SCCM SQL DB, as all the requirements of the policy are met.
Hello @cthivierge
My plan is to start with the AD CS server and upgrade it to Windows Server 2019.
After the AD CS upgrade I will upgrade AD DS to 2019, but with AD DS I will not use an in-place upgrade. Instead I will deploy two new servers, move the FSMO roles and all settings from the old AD DC to the new ones, and after that decommission the old servers.
Yes, I saw the requirements. We have a Sophos firewall. I don't know exactly whether we could input a *.xxxx.com address and whether Sophos will understand it.
We also asked Sophos this question.