Already a NinjaOne customer? Log in to view more guides and the latest updates.

NinjaOne Remote

  • Last Updated October 14, 2025

NinjaOne Remote gives IT teams and Managed Service Providers (MSPs) a fast, secure, and reliable way to connect to any endpoint, no matter where it’s located. With support for Windows, macOS, Android, iOS, and iPadOS, technicians can troubleshoot issues, deliver hands-on support, and resolve problems in real time.Because it’s built directly into the NinjaOne platform, there’s no need to juggle multiple tools, everything you need to manage and support devices lives in one place.

For MSPs and IT departments, the benefits are immediate. Faster response times mean less downtime for end users, while strong security with encrypted sessions and role-based access keeps every connection protected. By consolidating remote support into the same platform used for monitoring, patching, and automation, NinjaOne Remote not only improves technician efficiency but also reduces costs and complexity. The result is a smoother support experience, happier end users, and more time for IT teams to focus on strategic priorities.

How does NinjaOne Remote work?

NinjaOne Remote has two components:

  1. The streamer. This is the client component, deployed on each managed endpoint that will be remote controlled. The NinjaOne agent automatically installs the client in silent mode.
  2. The player. This is the program that initiates the connection and must be manually installed on the computer used to control the remote device.

The NinjaOne cloud service provides rendezvous and relay services for remote sessions, forwarding traffic between the source and target devices.

When a technician initiates a remote session by clicking the Computer icon icon from the device dashboard, the remote endpoint receives a connection request and after some handshaking that takes a few seconds, the remote session starts. If “Ask end user for confirmation before connecting to device” is enabled in the configuration options, the session starts only after the end user approves the request.

During the remote session, the endpoint displays a small notification window that states the device is being remotely controlled and identifies the remote party via the configured branding name. End users may hide the notification; hiding it does not end or affect the session.

In the technician’s viewer, the remote desktop is displayed within a framed window. The header bar at the top displays the remote endpoint´s name and provides icons for common actions.

What actions can the technician perform during a remote session?

Beyond full remote control (as if working locally at the endpoint), the technician can invoke a set of quick actions, such as: sending keystrokes (like CTRL-Alt-Del, F12, F10, etc), remote printing, file transfers, initiate a chat session with the end user, change the session settings, record the session, change the default directory to store the session recordings, adjust the video quality, and terminate the session, among other things.

How do I enable NinjaOne Remote in NinjaOne in my tenant?

To enable NinjaOne Remote in your tenant, you need to:

  1. Enable the NinjaOne App.
  2. Enable the NinjaOne client integration on each organization. This step automatically deploys the streamer to the devices you select by role (Windows Workstation, Mac, Android, etc).

How do I enable NinjaOne App in NinjaOne?

To enable NinjaOne App in NinjaOne, follow the steps below:

  1. Navigate to Administration > Apps.
  2. Click on NinjaOne Remote. The NinjaOne Remote configuration page appears showing NinjaOne Remote disabled.

NinjaOne Remote under Installed tab in Administration

  1. Click Enable. The NinjaOne configuration options appear.

Enabled NinjaOne Remote

  1. At this point, the NinjaOne App is enabled with the default configuration, and you can proceed with deploying the streamer on the endpoints. A later section in this document describes the available configuration options and how to tailor them to your requirements, globally, at the organization level, or per device.

How can I change the NinjaOne Remote Default configuration options globally?

You can change the default configuration options right after enabling NinjaOne Remote by editing the available options, or by navigating to Administration > Apps > NinjaOne Remote. You will see a configuration screen with three tabs; click Edit to change the options. Let´s go over the options under each tab.

NinjaOne Remote configurations

  1. Advanced Settings tab. See below the options under this tab.
    1. Branding. This setting determines the branding name displayed on the endpoint during remote-control sessions. The displayed name notifies the end user that the device is under remote control and identifies the controlling party.
    2. Background mode. This setting enables or disables the NinjaOne Remote background mode. A later section in this document explains this mode.
    3. Default Player Settings. This set of options determines how the player behaves, see below for available options.
      • Session timeout – Defines the inactivity period after which the remote session is automatically terminated. Keyboard or mouse activity in the viewer resets the timer. This applies only to the remote session and does not modify the endpoint’s OS idle/lock policies. Upon timeout, you can configure the post-session action: no action, lock the workstation, or sign out the user.
      • Prevent inactivity timeout – When this option is enabled, the endpoint is kept active during the remote session so that keyboard/mouse inactivity does not trigger the screensaver or auto-lock. This affects only the session and does not change system policies.
      • Synchronize clipboard – When this setting is enabled, the viewer and endpoint clipboards are synchronized, enabling copy and paste in both directions between the technician’s computer and the remote device for the duration of the session.
      • Clear clipboard when session closes – When enabled, the clipboards of both the technician’s workstation and the remote endpoint are cleared automatically upon session termination, helping prevent residual data exposure.
      • Logout when session closes – Logs out the logged in user on the remote side when the session closes.
      • Lock device when session closes – Locks the remote computer when the session closes.
      • Disable remote wallpaper – When enabled, the viewer hides the remote desktop wallpaper to reduce bandwidth and improve performance. This setting affects only what the technician sees during the session; it does not permanently change the user’s wallpaper on the endpoint.
      • Prevent technician keyboard and mouse – When enabled, the technician’s keyboard and mouse input are blocked; the session is view-only.
      • Auto record – When enabled, the session is automatically recorded, the recording is stored on the technician´s computer on \users\<username>\videos. (Mac and Windows). As soon as the connection is terminated, a pop up window appears on the technician´s screen showing the recording file name.
    4. Default Streamer Settings.

Automatically update – When enabled, the streamer updates itself silently in the background whenever a new version is available.

  1. IP allowlist tab. There is only one option under this tab: IP Allow list.

When the IP Allowlist is enabled, the system permits remote connections only from the specified WAN source IP addresses. All other sources are blocked. Up to 10 IP addresses can be added to the list. Once the connection is established, it remains allowed even if the WAN/public IP changes. To enable this option, add at least one IP address to the list.

  1. Quick Connect tab. There is only one option under this tab: Quick Connect.

When this option is enabled, the Quick Connect add-on is available. Quick Connect enables remote access to devices that are not enrolled in NinjaOne, using a per-invitation (invitation-based) workflow. Access is temporary and scoped to the specific invitation.

How can I adjust the NinjaOne Default configuration options for one organization?

Organization-level options can be customized to meet the specific requirements of a given organization. When defined, these options override the global defined settings, just for that organization.

To define or adjust organization-level settings, follow the steps below.

  1. navigate to Administration > Organizations, then click on your organization. The organization editor appears.
  2. On the left side menu, click NinjaOne Remote. You´ll see the NinjaOne Remote options on the right side, showing two tabs: General and Advanced.
  3. Click Advanced.

NinjaOne Remote advanced settings

  1. Select Custom. The NinjaOne Remote options appear.

NinjaOne Remote custom settings

  1. Adjust the settings per your preferences; see below setting definition.
    1. Branding. Display name for connection – This setting determines the branding name displayed on the endpoint during remote-control sessions. The displayed name notifies the end user that the device is under remote control and identifies the controlling party.
    2. Default Player Settings. This set of options determines how the player behaves, see below for available options.
      • Session timeout – This setting defines the inactivity period after which the remote session is automatically terminated. Keyboard or mouse activity in the viewer resets the timer. This affects only the session and does not change the endpoint’s OS idle/lock policies.
      • On session close – Defines the action to perform when the remote session terminates. Options include no action, lock the workstation, or sign out the remote user.
      • Prevent inactivity timeout – When this option is enabled, the endpoint is kept active during the remote session so that keyboard/mouse inactivity does not trigger the screensaver or auto-lock. This affects only the session and does not change system policies.
      • Synchronize clipboard – When this setting is enabled, the viewer and endpoint clipboards are synchronized, enabling copy and paste in both directions between the technician’s computer and the remote device for the duration of the session.
      • Clear clipboard when session is closed – When enabled, the clipboards of both the technician’s workstation and the remote endpoint are cleared automatically upon session termination, helping prevent residual data exposure.
      • Disable remote wallpaper – When enabled, the viewer hides the remote desktop wallpaper to reduce bandwidth and improve performance. This setting affects only what the technician sees during the session; it does not permanently change the user’s wallpaper on the endpoint.
      • Prevent technician keyboard and mouse – When enabled, the technician’s keyboard and mouse input are blocked; the session is view-only.
      • Auto record – When enabled, the session is automatically recorded, the recording is stored on the technician´s computer on \users\<username>\videos. (Mac and Windows). As soon as the connections is terminated, a pop-up window appears on the technician´s screen showing the recording file name.

How can I adjust the NinjaOne Default configuration options for one single devce?

Certain devices may require more restrictive NinjaOne Remote configurations. Configure the options as illustrated below and follow the subsequent procedure to complete the adjustments.

  1. Navigate to the device editor.
  2. Click Settings.
  3. On the left side menu, click Apps.

Apps tab from left side menu

  1. Click Edit in front of NinjaOne Remote. The NinjaOne Remote editor appears.

Edit NinjaOne Remote settings

  1. From this screen you can disable NinjaOne Remote for the device or enforce an approval prompt on the endpoint. If the end user does not grant consent, the connection is blocked, and no session is established. Optionally, you can set a timeout which will allow the connection even if the end user does not grant his consent.
  2. The remaining options are the same as previously explained for global options and organization level options.
  3. Click Update.

How do I enable the NinjaOne client integration for my organization?

Enabling this integration deploys the NinjaOne streamer on the selected device roles. To enable the NinjaOne client integration for one organization, follow the steps below:

  1. Navigate to Administration > Organizations.
  2. Click your organization. The organization editor appears.

General NinjaOne Remote settings

  1. Click Enable integration. A list of node roles appears.

Enable integration. A list of node roles appears.

  1. Check the box for the node role where you want to deploy the streamer.
  2. If you select “Ask the end-user for a confirmation before connecting”, two more options appear: Confirmation timeout and Allow access if the end-user does not answer within the timeout threshold. Select these options per your needs. These options don´t apply for mobile devices.
  3. Click Save.

How do I install the NinjaOne Remote Player on my computer?

Follow the steps below to download and install the NinjaOne Remote Player on your computer.

  1. Navigate to Administration > Library > Downloads.
  2. On the right side, locate the NinjaOne Remote player for your OS from the list, and click on it. This will download it

NinjaOne Remote Downloads

  1. Once it´s downloaded, install it on your computer according to your OS.

What is the NinjaOne Remote Background mode?

NinjaOne Remote Background Mode is a remote session type that runs under the Windows SYSTEM account on a separate, minimal maintenance desktop, independent of the user’s interactive session. It is purpose-built for silent, non-intrusive administration so the signed-in user can continue working uninterrupted. The environment presents a simplified black desktop and is not designed for end-user applications; software that depends on the user’s session, profile-bound tokens, or GPU/interactive graphics may not launch, however, core maintenance tools, like file browser, disk manager, registry editor, event viewer, service manager, PowerShell/CMD, etc., do run in this mode.

NinjaOne Remote Background mode

Technicians can use this mode when maintenance must occur during business hours. Actions that interrupt the user like reboots, logoffs, forced app restarts, or stopping critical services should be avoided. If a reboot is required, coordinate with the user and schedule it outside working hours or use a standard remote session.

Note: Only technicians that have explicitly granted permission, either by role or individually can access this feature.

FAQ

NinjaOne Remote uses TCP port 443 and supports SOCKS 5 proxies. In case port 443 does not respond, it will use port 7075 as a backup.

In most environments, no inbound rules are required on endpoints. Both the technician console and the endpoint make outbound connections to the NinjaOne cloud (primary TCP 443, fallback TCP 7075). With a stateful/NAT firewall, reply traffic is allowed on those established sessions.

Windows: Outbound is typically allowed by default, so no change to Windows Defender Firewall is needed. If your host/network firewall enforces egress filtering, allow outbound TCP 443 and TCP 7075 to NinjaOne service endpoints. Do not open inbound 443/7075 on the endpoint.

macOS: Same principle—no inbound listener is exposed. The macOS Application Firewall governs inbound only, so you normally don’t need changes. If you restrict outbound, allow egress on TCP 443 (primary) and TCP 7075 (fallback).

Why no inbound ports? 

NinjaOne Remote is cloud-brokered/relayed: both sides dial out to the NinjaOne service in the cloud, which brokers the session and relays traffic over those outbound connections. Opening inbound 7075/443 on endpoints adds exposure without benefit.

Additional considerations

  • Proxies / SSL inspection: If you use them, allowlist or bypass NinjaOne Remote traffic; deep inspection can break sessions.
  • macOS permissions (TCC): Remote control requires Screen Recording and Accessibility; Full Disk Access is optional but recommended for advanced file operations. In managed environments, pre-approve these permissions using MDM PPPC payloads to prevent end-user prompts.

The operating systems supported by the NinjaOne Remote player are Windows, MacOS and Linux.

Yes, you can turn off the “Enable NinjaOne Remote on this device” switch.

You can find the switch by navigating to the device editor, then Click Settings, then Apps and then click Edit in front of the “NinjaOne Remote” label.

By default, session recordings are stored on the technician´s computer, on the folders indicated below:

Windows: \users\<username>\movies

Mac: /users/<username>/movies

Linux: /home/<username>/videos

However, the default location can be changed during a remote session, in the top toolbar, by clicking the gear icon, then select additional settings, then, under the General tab, find the Select directory for recordings, then choose the folder.

Absolutely, just like technicians, users can also take advantage of NinjaOne Remote and take control of their computers when they are away. This can be achieved through the End User Portal.

Yes, NinjaOne Remote supports up to three simultaneous connections to the same endpoint, whether from the same technician or different users. All active sessions share the same desktop view as the end user.

Not necessarily, NinjaOne Remote is permission gated. Access is granted through technician roles or per-user assignments. Background Mode is controlled by an additional, distinct permission. (Note: Even with permission, sessions may require end-user approval if settings enforce it.)

Yes, NinjaOne remote can be used to access mobile devices like smart phones and tablets. Limitations imposed by the OS and the enrollment type may only allow remote view. The table below shows these limitations. Enrollment types can be:

COBO (Company owned, business only)

COPE (Company owned, personally enabled)

BYOD (Bring your own device)

OS/Enrollment type Remote access allowed

Android / COBOFull-control mode (End user must allow remote control in the device settings)
Android / COPEView-only (Limitation imposed by Android Enterprise)
Android / BYODView-only (Limitation imposed by Android Enterprise)
Apple / AnyView-only (limitation is imposed by the OS)