Enroll Ubuntu Linux devices in Intune

Did you know that you can also manage Linux devices in Intune? Currently Intune supports the following distributions:

  • Ubuntu Desktop 22.04 LTS
  • Ubuntu Desktop 20.04 LTS
  • RedHat Enterprise Linux 8
  • RedHat Enterprise Linux 9

Check out the official docs for the most up to date information: aka.ms/enrollmylinux

Let’s start

Since I have no access to REHL, we will use Ubuntu 22.04.5 desktop for the demo. Let’s start by installing Ubuntu as you would do normally:

Install Microsoft Edge Browser

Once we are in the running OS, we can start with the installation of the Microsoft Edge Browser. First, we have to download the setup file from the Microsoft Edge for Business Website:

Once downloaded, simply install the .deb install file:

Install Intune Agent

You can find the needed commands for your distro in the official MS Docs: Install Intune app
For Ubuntu 22.04 the process looks like this, the first thing that we install are the packages gpg and curl:

Next, we will install the Microsoft package signing key:

And finally install the Intune Agent package:

To complete the installation, we just have to reboot the device.

Enroll the device

To actually enroll the device, we just have to open the Intune App:

And sign in:

Intune

Compliance Policy

Now that we have our first Linux device enrolled, what can we do with it?

The first thing that we should do is to create a Compliance Policy:

Give it a name:

And select which settings we want to check:

Since the available options a still a bit limited compared to other platforms, we can also create a custom compliance policy script to check whatever we require:

I will cover custom compliance scripts in a future blog post.
On the next page, we can select what should happen if the compliance checks were not successful:

After configuring Scope Tags and assigning the policy, we can check our work in the Review + Create page and finally create the policy:

Scripts

Now that we have our Compliance Policy set, we can assign custom bash scripts to the device. Microsoft itself offers a few sample scripts on GitHub: microsoft/shell-intune-samples: Sample shell scripts for Intune admins.

For the demo, I will use the samples script to install Google Chrome.

We will set the execution context to root and upload the shell script:

After selecting Scope tags and assigning the script to a group of devices, we can check our settings again and create the profile:

Conclusion

While the available options for Linux based devices are still limited compared to other operating systems, the fact that we now at least have a basis to manage Linux based devices at all is a huge milestone in having Intune as a centralized management platform for all our client devices.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *