Configuring the New TeamViewer Connector in Microsoft Intune (Service Release 2604)
Microsoft Intune's April 2026 service release 2604 introduces a redesigned TeamViewer connector that replaces the legacy connector, adding SSO support, device group synchronisation, and granular role-based permissions. Organisations still using the legacy connector have a 12-month migration window before remote assistance sessions from the Intune admin centre will stop functioning. Administrators must complete the new connector setup and SSO integration to maintain uninterrupted remote assistance across Windows, macOS, Android, and iOS/iPadOS devices.
Indicators
- Legacy TeamViewer connector is active and showing deprecation or 'outdated' warnings in Intune admin center
- Remote assistance sessions cannot be initiated from Devices > All devices in the Intune admin center
- TeamViewer connector status page shows 'unsupported' after upgrading to service release 2604 or later
- SSO is not available when launching TeamViewer sessions from within Intune
- Device group synchronisation between Intune and the TeamViewer tenant is absent or non-functional
- Helpdesk operators have insufficient or overly broad remote assistance permissions due to missing RBAC configuration
Likely causes
- Legacy TeamViewer connector not migrated following the Intune 2604 service release deprecation
- SSO not configured between Azure AD / Microsoft Entra ID and the TeamViewer tenant
- Device groups not synchronised between Intune and TeamViewer after new connector setup
- Granular role-based permissions not assigned within the new connector settings
- New connector setup wizard not completed or connector authorisation not re-granted after migration
Diagnostic steps
-
Sign in to the Microsoft Intune admin center (intune.microsoft.com) and navigate to Tenant Administration > Tenant status to confirm the Intune service release is 2604 or later.
-
Navigate to Tenant Administration > Connectors and tokens > TeamViewer Connector and check whether the legacy or new connector is currently configured. Note any deprecation warnings, expiration notices, or 'unsupported' status messages.
-
In the TeamViewer Management Console, verify that SSO is configured between your Azure AD / Microsoft Entra ID tenant and the TeamViewer tenant. SSO is a prerequisite for the new connector.
-
Attempt to initiate a remote assistance session from Devices > All devices by selecting a managed device. If the option is greyed out or fails, confirm this is due to the legacy connector status rather than a device compliance or platform issue.
-
Review role assignments in the Intune admin center to confirm which roles (e.g., Help Desk Operator) are expected to initiate remote assistance, and cross-reference with permissions available under the current connector configuration.
-
Check device group mappings to determine whether Intune device groups are correctly reflected in the TeamViewer tenant — absent synchronisation will prevent scoped remote access for helpdesk roles.
Resolution path
- Confirm Intune service release is 2604 or later via Tenant Administration > Tenant status.
- Navigate to Tenant Administration > Connectors and tokens > TeamViewer Connector in the Intune admin center.
- Note any deprecation warnings on the legacy connector and begin migration — do not wait for the 12-month deadline.
- In the TeamViewer Management Console, configure SSO integration with Azure AD / Microsoft Entra ID if not already in place — this is required for the new connector.
- Launch the new TeamViewer connector setup wizard in Intune, follow the redesigned authorisation flow, and grant the required permissions using TeamViewer admin credentials.
- Configure device group synchronisation within the new connector settings to map Intune device groups to corresponding TeamViewer groups.
- Assign granular role-based permissions within the connector configuration to scope remote assistance access by Intune role (e.g., Help Desk Operator) and device group.
- Test remote assistance by selecting a managed Windows, macOS, Android, or iOS/iPadOS device in Devices > All devices and initiating a new remote assistance session.
- Confirm the legacy connector is fully retired and document the completed migration before the 12-month deprecation deadline.
Prevention
- Monitor Microsoft Intune 'What's New' announcements and service release notes proactively to identify connector and feature changes ahead of deployment.
- Complete migration to the new TeamViewer connector well in advance of the 12-month deprecation deadline to avoid unexpected remote assistance outages.
- Maintain SSO integration between Microsoft Entra ID and TeamViewer to ensure seamless, credential-consistent authentication for support sessions.
- Establish a post-release validation routine to test remote assistance functionality after each major Intune service release update.
- Regularly audit role-based access control permissions for remote assistance to ensure helpdesk operators have appropriate, least-privilege access.
- Maintain device group synchronisation hygiene between Intune and TeamViewer to ensure new device groups are reflected in remote access scoping.
Tools
- Microsoft Intune admin center (intune.microsoft.com)
- TeamViewer Management Console
- Microsoft Entra ID / Azure AD (SSO configuration)
- TeamViewer remote assistance client
- Microsoft Intune 'What's New' release notes