Microsoft Intune is Microsoft’s endpoint management solution that allows you to manage Windows, macOS, iOS/iPadOS or Android devices, from device configuration to software deployment or device compliance.

Well, until now there was one major operating system missing: Linux.

Good news: you can now onboard Linux devices in Intune to manage them, or at least to manage the compliance of the Linux device.

Before you start, you need to know:

  • only Ubuntu Desktop 22.04 or 20.04 LTS is supported
  • only Microsoft Edge 102.x or later is supported (https://www.microsoft.com/edge)
  • You’ll need the Intune app (the enrolment package for Linux)

Install the Intune app

To install the Intune app, log on to your Ubuntu Desktop, run the commands below, then restart your device:

sudo apt install curl gpg

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

  • For 20.04

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'

  • For 22.04

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'

sudo rm microsoft.gpg

sudo apt update

sudo apt install intune-portal
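The 20.04 and 22.04 steps above differ only in the release number and codename, so the choice can be derived from /etc/os-release instead of picked by hand. The script below is an added example, not part of the original post or of Microsoft's documentation; the function names and the optional file and directory arguments are assumptions. It also lists any Microsoft source file written for a release other than the one running, such as the focal list removed in the troubleshooting step.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the optional
# path arguments are assumptions made for illustration.
KEYRING=/usr/share/keyrings/microsoft.gpg

# Print "<version> <codename>" for a supported Ubuntu release, else fail.
intune_release() (
    osrel="${1:-/etc/os-release}" id="" ver=""
    [ -r "$osrel" ] || { echo "cannot read $osrel" >&2; exit 2; }
    # Parse only the two keys needed instead of sourcing the whole file.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        value="${value%\"}"; value="${value#\"}"
        case "$key" in
            ID) id="$value" ;;
            VERSION_ID) ver="$value" ;;
        esac
    done < "$osrel"
    [ "$id" = "ubuntu" ] || { echo "unsupported distribution: ${id:-unknown}" >&2; exit 1; }
    case "$ver" in
        20.04) echo "20.04 focal" ;;
        22.04) echo "22.04 jammy" ;;
        *) echo "unsupported Ubuntu release: ${ver:-unknown}" >&2; exit 1 ;;
    esac
)

# Print the apt source line for the running release.
intune_source_line() (
    rel=$(intune_release "$1") || exit $?
    echo "deb [arch=amd64 signed-by=$KEYRING] https://packages.microsoft.com/ubuntu/${rel% *}/prod ${rel#* } main"
)

# Print the path of the .list file that matches the running release.
intune_list_path() (
    rel=$(intune_release "$1") || exit $?
    echo "/etc/apt/sources.list.d/microsoft-ubuntu-${rel#* }-prod.list"
)

# List Microsoft prod source files in a directory that target another release.
intune_stale_lists() (
    rel=$(intune_release "$2") || exit $?
    want="microsoft-ubuntu-${rel#* }-prod.list"
    for f in "${1:-/etc/apt/sources.list.d}"/microsoft-ubuntu-*-prod.list; do
        [ -e "$f" ] || continue
        [ "${f##*/}" = "$want" ] || echo "$f"
    done
)
# Usage, as root, once the keyring is installed:
#   intune_source_line > "$(intune_list_path)"
```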

You may get an error about dependencies that cannot be installed (such as libssl1.1 or libsdbus-c++0). In that case, run the command below before trying the Intune portal install command again:

sudo rm /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list

sudo apt-get update

sudo apt install intune-portal

Create the device compliance policy

Then you can configure the device compliance profile for Linux to manage:

  • Allowed distributions
  • Custom compliance
  • Device encryption
  • Password policy

To create this compliance profile, log on to your Intune portal (https://endpoint.microsoft.com/), open the Devices\Compliance policies blade, create the compliance policy and select the Linux platform.

Alternatively, you can create a custom compliance setting by following this documentation: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-use-custom-settings

Register your Linux device to Intune

Open the Intune app (aka Company Portal), sign in with your corporate account and follow the enrollment process. If you stop at the Set up access step, your device will only be registered to Azure AD.

Create a conditional access policy

To meet your Linux device compliance and security requirements, you need to create a conditional access policy for Microsoft Edge to ensure devices are compliant before accessing your corporate resources.

You can use a dynamic device group that uses the deviceOSType property to look for the value Linux and/or the deviceOSVersion property to look for Ubuntu.