Since a few weeks there is a new icon in the Intune console and this is linux. The linux support is a very long awaited feature and there was good feedback from the ommunity. Currently the feature set is still a bit limited, there is currently only the possibility to determine the complaince of the devices and apply conditioanl access policies. But this is just the beginning I am sure that in the next months we will see more and more features and also config profiles, updates,… for Linux. But let’s take a look at how to enroll an Ubuntu device in intune.
Prerequisites
- Ubuntu Desktop 22.04 or 20.04 LTS (With GNOME desktop enviroment)
- MS recommendation: Enable disk encription during the setup (It is easier to enable this directly during the setup)
- Microsoft Edge version >=102.X (To validate CA by accessing company ressources)
- Microsoft Intune app (Needed to enroll the device)
Install Ubuntu
- Download Ubuntu from the official source
- The recommend system requirements: 2 GHz dual-core processor / 4 GB system memory / 25 GB of free hard drive space
- Create an boot stick or insert the iso in a vm (in my case I use a VM)
- Install Ubuntu
Install Edge on ubuntu
- Open a Terminal and execute the following commands to install the edge browser:
sudo apt install software-properties-common apt-transport-https wget
wget -q https://packages.microsoft.com/keys/microsoft.asc -O- | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main"
sudo apt install microsoft-edge-dev
sudo apt update
sudo apt upgrade
- The atlernative way is to install edge via the firefox browser. You can download the package here: https://www.microsoft.com/en-us/edge?form=MA13FJ
- Check if the installation was successfull:
Install the Intune app on ubuntu
- Open a Terminal and execute the following command to install curl and gpg:
sudo apt install curl gpg- For ubuntu 20.04 run the following commands to install the Microsoft package signing key:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
sudo rm microsoft.gpg- For ubuntu 22.04 run the following commands to install the Microsoft package signing key:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
sudo rm microsoft.gpg
- Run the following commands to install the intune app:
sudo apt update
sudo apt install intune-portal- Reboot the device
Enroll the device in Intune
- Open the Intune App
- Sign in with an user account that has a intune license assigned
- Click Begin
Create a compliance policy
- Open the intune console
- Navigate to Devices -> Linux
- Here you can find the device
- Select compliance policies and click +Create policy
- Click Create
- Enter a Name
- Click Next
- Create the compliance checks you want (Hint: it is also possible to write a custom script)
- Click Next
- Click Next
- Create a assignment and click Next
- Click Create
Modern Device Management 
[…] https://jannikreinhard.com/2022/11/06/how-to-enroll-a-ubuntu-device-in-intune/ […]
LikeLike
Question: After you have successfully enrolled ubuntu 20.04, are you able to log in as a new Azure AD User to that device?
LikeLike
Hi no this is not yet supported only conditional access
LikeLike
Is there a version for 22.10 yet? None of the guides above are working.
LikeLike