Intune – You can now onboard Linux clients in Intune

As you know, Intune/Endpoint Configuration Manager is the device management solution from Microsoft. It lets you manage Windows, macOS, iOS/iPadOS or Android devices, from device configuration to software deployment or device compliance.

Well, until now there was one major operating system missing: Linux.

Good news: you can now onboard Linux devices in Intune to manage them, or at least to manage the compliance of the Linux device.

Before you start, you need to know:

  • only Ubuntu Desktop 22.04 or 20.04 LTS is supported
  • Microsoft Edge 102.x or later (https://www.microsoft.com/edge)
  • Intune app (the enrollment package for Linux)

Install the Intune app

To install the Intune app, log on to your Ubuntu Desktop, run the commands below, and restart your device.

sudo apt install curl gpg

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

  • For 20.04

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'

  • For 22.04

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'

sudo rm microsoft.gpg

sudo apt update

sudo apt install intune-portal

You may get errors about dependencies that cannot be installed (such as libssl1.1 or libsdbus-c++0). In that case, run the command below before trying the Intune portal install command again:

sudo rm /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list

sudo apt-get update

sudo apt install intune-portal
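
An added example (not part of the original post and not Microsoft's code): a shell helper that reads /etc/os-release, builds the repository line shown above for the running release, refuses releases the post does not list, and reports Microsoft .list files left in place for a different release. The function names and the --plan flag are assumptions made for this example; it only prints and changes nothing on the system.

```bash
#!/bin/sh
# Added example: pick the Microsoft apt source that matches the running release.
KEYRING=/usr/share/keyrings/microsoft.gpg

# Map VERSION_ID to the codename; only the two releases named in the post.
codename_for() {
  case "$1" in
    20.04) echo focal ;;
    22.04) echo jammy ;;
    *) return 1 ;;
  esac
}

# Read one KEY=value field from an os-release style file ($1=file, $2=key).
os_release_field() {
  sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# Print the "deb ..." line for the release described by file $1, or fail.
repo_line() {
  _id=$(os_release_field "$1" ID)
  _ver=$(os_release_field "$1" VERSION_ID)
  [ "$_id" = ubuntu ] || { echo "unsupported distribution: $_id" >&2; return 1; }
  _code=$(codename_for "$_ver") || { echo "unsupported release: $_ver" >&2; return 1; }
  printf 'deb [arch=amd64 signed-by=%s] https://packages.microsoft.com/ubuntu/%s/prod %s main\n' \
    "$KEYRING" "$_ver" "$_code"
}

# Path of the .list file for codename $1, as named in the post.
list_path() { printf '/etc/apt/sources.list.d/microsoft-ubuntu-%s-prod.list\n' "$1"; }

# List Microsoft prod .list files in dir $1 that belong to a release other than $2.
stale_lists() {
  for _f in "$1"/microsoft-ubuntu-*-prod.list; do
    [ -e "$_f" ] || continue
    [ "$_f" = "$1/microsoft-ubuntu-$2-prod.list" ] || echo "$_f"
  done
}

# --plan (hypothetical flag): show what would be written and what looks stale.
if [ "${1:-}" = "--plan" ]; then
  line=$(repo_line /etc/os-release) || exit 1
  code=${line% main}; code=${code##* }
  echo "write to $(list_path "$code"): $line"
  stale_lists /etc/apt/sources.list.d "$code" | sed 's/^/list for another release: /'
fi
```
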

Create the device compliance policy

Then you can configure the device compliance profile for Linux to manage:

  • Allowed distributions
  • Custom compliance
  • Device encryption
  • Password policy

To create this compliance profile, log on to your Intune portal (https://endpoint.microsoft.com/) and open the Devices\Compliance policies blade to create the Linux compliance policy, selecting the Linux platform.

Or you can create a custom compliance setting by following this documentation: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-use-custom-settings

Register your Linux device to Intune

Open the Intune app (aka Company Portal), sign in with your corporate account, and follow the enrollment process. If you stop at the Set up access step, your device will only be registered to Azure AD.

Create a conditional access policy

Since the idea of managing Linux device compliance is to ensure devices meet your security requirements, you finally need to create a conditional access policy for Microsoft Edge to ensure devices are compliant before they access your corporate resources.

You can use a dynamic device group that uses the deviceOSType property to look for Linux as the value and/or the deviceOSVersion property to look for Ubuntu.
