![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 30%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 86%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Hi Priya Patel,
To enable unattended control, you’ll need to configure explicit tenant-level policies in the Intune admin center. Specifically, the Remote Help settings must be updated to allow unattended access, and that permission should be scoped only to trusted administrator groups. By default, unattended sessions are disabled, so enabling them requires a deliberate policy choice.
The key tenant security guardrails include: enforcing Azure AD authentication for all administrators, applying role-based access control (RBAC) so only approved IT staff can initiate unattended sessions, and using Conditional Access policies to strengthen sign-in security. It’s also recommended to enable audit logging so every unattended session is tracked, which is critical for compliance. Best practice is to assign unattended access only to a dedicated security group (for example, facilities IT admins), rather than enabling it tenant-wide.
If you find this answer helpful, kindly hit “accept answer”.
Jason.