Start managing your Linux with Intune
It´s time to start enrolling your Linux computers to Intune. Linux started to show in Intune back in 2022 and we have not seen any big changes after that. So, let’s assume the initial bugs are solved and we can start the enrollments.
Why Enroll your Linux?
The management possibilities are still very limited. Very limited! So, keep your expectations on a low and basic level. But even this basic management can be of great value for some business.
- You get an inventory of your Linux devices.
Linux are often a big black hole and you have no idea who and what they are using.
- You can verify compliance.
If you have verified compliance, you can use Conditional Access to block non-compliant Linux devices.
- User can keep track of devices
The Linux computer will show up as a device in Company Portal
How do I enroll my Linux?
First you need to fulfill the prerequisites. Intune supports only a limited set of Linux flavors.
- Ubuntu 20.04 and later with GNOME (GUI)
Yes, that´s it. It might also be possible on other flavors of Debian. But not supported (yet)
Then it´s time to install the required components, Edge and Microsoft Intune.
- On your Ubuntu computer, open Terminal
- Update your Ubuntu by running this command:
Sudo apt update && Sudo apt upgrade -y
- Install Curl by running this command:
Sudo apt install curl gbg
- Add Microsoft repository and add your GPG key to authenticate by running:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" > /etc/apt/sources.list.d/microsoft-edge.list'
sudo rm microsoft.gpg
- Update the package lists by running:
Sudo apt update
- Install Edge Browser by running:
sudo apt install microsoft-edge-stable
- Install Microsoft Intune by running:
sudo apt install intune-portal
Now the required components are installed. let’s enroll
- Open the app Microsoft Intune
- Click Sign In
- Sign in with your M365 credentials
- When asked to Register Device, Click Register
- If using Multifactor, it will prompt you to verify credentials.
- Back in Microsoft Intune app, select Begin
- Read what my organization can see or do, and select Begin
- If all goes well, the Linux device is now enrolled in Intune.
The compliance is always non-compliant until the compliance has been tested. select Refresh to update compliance information
When compliance is verified, you can select View issues and read what you need to do to be compliant:
Manage your Linux devices in Intune
As I listed before, there is only a few features at the moment.
You can list your devices
You can see some hardware and soft attributes on the device
You can create compliance policies and evaluate a few compliance settings:
We also have support in Conditional Access for Linux, so now that you can verify compliance, you can require the Linux device to be compliant to access all apps.
Thats about it. I really hope there is more to come. But this is a god start!