Microsoft Intune, a robust endpoint management solution, has long provided support for managing Windows, macOS, iOS, and Android devices. In recent years, Microsoft has expanded its capabilities to include Linux devices, reflecting the growing demand for managing diverse IT environments.
This article provides an overview of Intune enrollment for Linux devices, the benefits, prerequisites, and a step-by-step guide to get started.
1. Why Manage Linux Devices with Intune?
As organizations adopt Linux for its flexibility, open-source nature, and cost-effectiveness, IT administrators face the challenge of managing these devices alongside traditional platforms. Intune offers several benefits for Linux device management:
- Unified Management: Manage Linux devices alongside other operating systems using a single console.
- Compliance Policies: Enforce the organization's standard compliance policies, such as password requirements and disk encryption.
- Custom Configuration: Push any custom configuration to Linux devices via scripts.
2. Linux Enrollment Prerequisites
Service-Side Requirements:
Intune License: Every user MUST have an Intune license assigned.
Client-Side Requirements:
- Supported Linux versions: Ubuntu Desktop 22.04 or 20.04 LTS, Red Hat Enterprise Linux 8 or 9.
- Either a physical machine or a Hyper-V virtual machine with an x86/64 CPU is supported.
- The OS must have the GNOME graphical desktop environment.
- Microsoft Edge browser version 102.x or later must be installed (installation steps are explained in the following section).
- Microsoft Intune Application. (installation steps explained in the following section)
3. Step-by-Step Guide to Enroll Linux in Intune
Note: If you have a physical machine, you can jump directly to installing the prerequisites.
3.1 Prepare Virtual Machine
In Hyper-V, click to create a new virtual machine. Give it a name and select the location where the VM data will be stored.
The virtual machine MUST be Version 2.
Allocate RAM for the VM based on the host's capabilities, and select Dynamic RAM so that memory is allocated according to the VM's needs.
Select the network switch based on your Hyper-V (or other virtualization application) configuration.
Give the VM's hard drive a name, a location, and a size in GB.
Define the path to the OS installation ISO. This link will guide you to download the Ubuntu Desktop ISO file.
The VM setup wizard is now complete. Open the VM settings, click Security, then check "Enable Secure Boot" for VM disk encryption.
After powering on the VM, you'll see multiple options. Choose "Try or Install Ubuntu" and press Enter.
Select Minimal Installation to save time by skipping unnecessary applications (you can install them later).
This step is very important: you MUST decide now whether to encrypt the hard disk, because disk encryption can be checked and enforced through a compliance policy.
Encryption needs to be enabled during OS setup.
If the compliance policy requires it, click Advanced Features and select "Encrypt the new Ubuntu installation for security".
At this step, set the encryption key, then click "Install Now".
Next, specify the VM computer name and login credentials (user name and password); the installation then proceeds normally.
After the OS installation is complete, eject the installation file and reboot the VM.
In Hyper-V, select Media, then DVD Drive, and select Eject.
3.2 Installing all Client-Side Prerequisites (Edge + Intune App)
After logging in to the VM, use Firefox (pre-installed with the VM) to search for the Edge download page.
Or navigate directly from this link, then select the Linux (.deb) file.
Open Downloads, right-click the Edge file, and select "Open with other application".
Click Install.
After Edge is installed successfully, open it, click the profile icon, and complete the user login.
Now we'll install the Intune application.
Click the App Menu button and select the Terminal application.
First command: sudo apt install curl gpg
>> This command installs the "curl" package, which downloads data files from websites, along with gpg, which is used in the next step.
Second command: downloads the Microsoft certificate (the package signing key) and installs it on the machine, so that when the user runs "apt-get update" or "apt-get upgrade", all the checks and data transfers with the machine are encrypted and validated.
It also defines the repository path for the Intune app, which is used to download it the first time and to install later updates (e.g. https://packages.microsoft.com/ubuntu/20.04/prod focal main and https://packages.microsoft.com/ubuntu/22.04/prod jammy main).
For Ubuntu 20.04:
- curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
- sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
- sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
- sudo rm microsoft.gpg
For Ubuntu 22.04:
- curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
- sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
- sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
- sudo rm microsoft.gpg
Final commands: these install the Intune application.
sudo apt update
sudo apt install intune-portal
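The two per-release command sets above differ only in the version number and codename. The following script is an added example, not part of the original article; the function names os_field, intune_repo_line and audit_source_list are hypothetical. It derives the source line from an os-release file, refuses releases other than the two Ubuntu versions covered here, and checks an existing .list file for Microsoft entries that lack https or signed-by.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Intune or apt.

# Read one KEY=value field from an os-release file without sourcing it.
os_field() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$2" | head -n 1
}

# Print the apt source line for the release described by an os-release
# file (default /etc/os-release). Fails for anything other than the two
# Ubuntu releases this article gives commands for.
intune_repo_line() {
    osr="${1:-/etc/os-release}"
    id=$(os_field ID "$osr")
    ver=$(os_field VERSION_ID "$osr")
    [ "$id" = "ubuntu" ] || { echo "unsupported distro: $id" >&2; return 1; }
    case "$ver" in
        20.04) code=focal ;;
        22.04) code=jammy ;;
        *) echo "unsupported Ubuntu version: $ver" >&2; return 1 ;;
    esac
    printf 'deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/%s/prod %s main\n' "$ver" "$code"
}

# Return 0 only if every active "deb" line that references
# packages.microsoft.com uses https and pins a keyring via signed-by=.
audit_source_list() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            deb*packages.microsoft.com*) ;;   # active Microsoft entry
            *) continue ;;                    # comment, blank, other repo
        esac
        case "$line" in
            *"signed-by=/"*"] https://packages.microsoft.com/"*) ;;
            *) echo "weak entry: $line" >&2; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Usage (as root), after installing the key as shown above:
#   intune_repo_line > /etc/apt/sources.list.d/microsoft-ubuntu-prod.list
#   audit_source_list /etc/apt/sources.list.d/microsoft-ubuntu-prod.list
```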
3.3 Linux Enrollment Steps
Open the Intune app and complete the sign-in.
At this step, the user MUST click the Register button to complete the Azure registration.
Click the Begin button to start adding the device to Intune.
A message then lists all the data that Intune collects once the device is enrolled.
Finally, the Intune app shows the device compliance evaluation, ownership, and OS information.
4. Limitations
Currently, Intune has limited support for Linux device configurations, allowing only compliance policies and scripts to be assigned. However, there is growing optimism that Intune will continue to expand its configuration capabilities for the Linux platform.
5. Conclusion
Enrolling Linux devices in Microsoft Intune enables organizations to achieve unified endpoint management, enhancing security and efficiency in mixed-OS environments. While the capabilities for Linux are still evolving, they provide a solid foundation for managing Linux desktops in enterprises. By following the steps outlined above and adopting best practices, IT administrators can seamlessly integrate Linux devices into their Intune-managed environments.
Stay tuned for updates from Microsoft as Linux support in Intune continues to expand.