How to enroll a ubuntu device in intune

Since a few weeks there is a new icon in the Intune console and this is linux. The linux support is a very long awaited feature and there was good feedback from the ommunity. Currently the feature set is still a bit limited, there is currently only the possibility to determine the complaince of the devices and apply conditioanl access policies. But this is just the beginning I am sure that in the next months we will see more and more features and also config profiles, updates,… for Linux. But let’s take a look at how to enroll an Ubuntu device in intune.

Prerequisites

  • Ubuntu Desktop 22.04 or 20.04 LTS (With GNOME desktop enviroment)
  • MS recommendation: Enable disk encription during the setup (It is easier to enable this directly during the setup)
  • Microsoft Edge version >=102.X (To validate CA by accessing company ressources)
  • Microsoft Intune app (Needed to enroll the device)

Install Ubuntu

  • Download Ubuntu from the official source
    • The recommend system requirements: 2 GHz dual-core processor / 4 GB system memory / 25 GB of free hard drive space
    • Create an boot stick or insert the iso in a vm (in my case I use a VM)
    • Install Ubuntu

Install Edge on ubuntu

  • Open a Terminal and execute the following commands to install the edge browser:
sudo apt install software-properties-common apt-transport-https wget
wget -q https://packages.microsoft.com/keys/microsoft.asc -O- | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main"
sudo apt install microsoft-edge-dev
sudo apt update
sudo apt upgrade
  • Check if the installation was successfull:

Install the Intune app on ubuntu

  • Open a Terminal and execute the following command to install curl and gpg:
sudo apt install curl gpg
  • For ubuntu 20.04 run the following commands to install the Microsoft package signing key:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
sudo rm microsoft.gpg
  • For ubuntu 22.04 run the following commands to install the Microsoft package signing key:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
sudo rm microsoft.gpg
  • Run the following commands to install the intune app:
sudo apt update
sudo apt install intune-portal
  • Reboot the device

Enroll the device in Intune

  • Open the Intune App
  • Sign in with an user account that has a intune license assigned
  • Click Begin

Create a compliance policy

  • Open the intune console
  • Navigate to Devices -> Linux
  • Here you can find the device
  • Select compliance policies and click +Create policy
  • Click Create
  • Enter a Name
  • Click Next
  • Create the compliance checks you want (Hint: it is also possible to write a custom script)
  • Click Next
  • Click Next
  • Create a assignment and click Next
  • Click Create

One thought on “How to enroll a ubuntu device in intune

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s