RDP has existed for decades, Linux also has this so-called spyware implemented in a way that you can only give access to authorized users (or provision authorized apps)
I think MacOS even includes this, but I'm not sure if it's enabled by default. Hell, I'd doubt it's enabled by default on Windows, too.
Do you mean this service is running and creating a tun gateway for Microsoft to actively connect to RDP, or do you mean there is a binary that support can have a person execute when they open a support case? I ask because their remote assist has existed since at least Windows 7 (Pro/Enterprise) AFAIK, but it requires the PC owner to run the binary.
If you see the service running, ask your AD team to check the group policy and see if someone mistakenly set that service to start. It really should be disabled by group policy in AD in an enterprise environment. There should be AD logs showing who enabled it if so. Having it enabled in a corporate environment is not just a security issue but also could create state table issues on your corporate firewall if you have a lot of employees behind a small SNAT pool and/or small firewall as each node will create an outbound tunnel to Microsoft servers for them to traverse your NAT/CG-NAT.
2 comments
[ 26.0 ms ] story [ 45.9 ms ] threadI think MacOS even includes this, but I'm not sure if it's enabled by default. Hell, I'd doubt it's enabled by default on Windows, too.
If you see the service running, ask your AD team to check the group policy and see if someone mistakenly set that service to start. It really should be disabled by group policy in AD in an enterprise environment. There should be AD logs showing who enabled it if so. Having it enabled in a corporate environment is not just a security issue but also could create state table issues on your corporate firewall if you have a lot of employees behind a small SNAT pool and/or small firewall as each node will create an outbound tunnel to Microsoft servers for them to traverse your NAT/CG-NAT.