Enrolling Linux Devices and Setting Compliance Policies in Intune

My morning coffee hit me in a very different way this morning. I’ve been sitting on the whole Linux enrollment feature introduced a few weeks ago, and this morning I thought I needed to do it. This is an early look at Linux enrollment and the Compliance Policies available from Intune.

What will I be covering? 👇🏽

  1. Linux Device Enrollment
    1. Supported Linux Flavours
    2. Prerequisites
    3. How to Install the Microsoft Intune App
    4. Device Enrollment Steps
    5. How to check Intune?
    6. Azure AD Devices Section
  2. Compliance Policies for Linux-Based Devices
    1. Allowed Distros
    2. Require Custom Compliance
    3. Device Encryption
    4. Password Policy
  3. Wrapping Up

Linux Device Enrollment

Supported Linux Flavours

  • Ubuntu Desktop 22.04 or 20.04 LTS
  • A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)

Prerequisites

  • Microsoft Edge web browser, version 102.X or later: The Edge browser is used to access your organization’s websites and other online resources.
  • Microsoft Intune app: The Linux version of the Microsoft Intune app is used for enrollment. The Intune app registers your device with your org and enrolls it in Intune.

How to Install the Microsoft Intune App

Follow this link for more, but I will add the same lines below

Install curl and GnuPG:

$ sudo apt install curl gpg

Install the Microsoft package signing key

For Ubuntu 20.04:

$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'

$ sudo rm microsoft.gpg

For Ubuntu 22.04:

$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'

$ sudo rm microsoft.gpg

Install the Microsoft Intune app

$ sudo apt update

$ sudo apt install intune-portal

Reboot your device
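
The repository entries written in the steps above tie the Microsoft repo to a single keyring through signed-by and pair a release path (20.04 or 22.04) with a codename (focal or jammy). The shell function below is an added example, not part of the original post or of Microsoft's instructions; it audits such a file, and its second argument is a hypothetical path prefix used only to run the check against a scratch directory.

```shell
#!/bin/sh
# Added example: audit an apt source file like the ones written above.
# audit_ms_source <list-file> [root]  -> returns 0 if every "deb" entry passes.
# "root" is a hypothetical prefix for the signed-by path so the check can be
# run against a scratch directory; omit it on a real device, for example:
#   audit_ms_source /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list
audit_ms_source() {
    list=$1 root=${2:-} rc=0 seen=0
    [ -r "$list" ] || { echo "FAIL: cannot read $list"; return 2; }
    while read -r kind rest; do
        [ "$kind" = deb ] || continue            # skip comments and blanks
        seen=1
        case $rest in
            \[*\]\ *) opts=${rest%%\]*}; opts=${opts#\[}; tail=${rest#*"] "} ;;
            *) echo "FAIL: no [options], entry falls back to the global trust store"
               rc=1; continue ;;
        esac
        key=
        for o in $opts; do
            case $o in signed-by=*) key=${o#signed-by=} ;; esac
        done
        uri=${tail%% *}; suite=${tail#* }; suite=${suite%% *}
        if [ -z "$key" ]; then
            echo "FAIL: no signed-by= option"; rc=1
        elif [ ! -f "$root$key" ]; then
            echo "FAIL: keyring $key not found"; rc=1
        else
            # The steps install the key with mode 644: no group/other write bit.
            case $(ls -ld "$root$key" | cut -c1-10) in
                ?????w????|????????w?) echo "FAIL: $key is group/world-writable"; rc=1 ;;
            esac
        fi
        case $uri in
            https://packages.microsoft.com/ubuntu/*/prod) ;;
            *) echo "FAIL: unexpected repository URI $uri"; rc=1; continue ;;
        esac
        ver=${uri#https://packages.microsoft.com/ubuntu/}; ver=${ver%/prod}
        case $ver in 20.04) want=focal ;; 22.04) want=jammy ;; *) want= ;; esac
        [ "$suite" = "$want" ] ||
            { echo "FAIL: suite '$suite' does not match Ubuntu $ver"; rc=1; }
    done < "$list"
    [ "$seen" = 1 ] || { echo "FAIL: no deb entries in $list"; rc=1; }
    return $rc
}
```

A non-zero return with a FAIL line most often means the 20.04 and 22.04 command blocks were mixed, or the signed-by option was dropped when the line was retyped.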

Device Enrollment Steps

As you can see below, open the Intune app and Sign in

Enter your credentials and complete the sign-in process

Registration will continue with the enrollment as below

Once completed, the app will show the below details

If you need to remove the device, click on the 3 lines on the right-hand side and select Remove Device

How to check Intune?

Go to Intune Portal > Devices > Linux

You will now see the enrolled Linux device in the list

Check further details about the device

Azure AD Devices Section

Compliance Policies for Linux-Based Devices

Currently, there are only a few Compliance Policies available in the Intune Portal, and they come from the Settings Catalog > Settings Picker section. Let’s look at what’s available here.

Since there are only a few at the moment, let’s look at each compliance policy in turn:

Allowed Distros

Require Custom Compliance

This section gives you the options below: you can set it up from a reusable setting or use a rule file created in JSON format.

Device Encryption

Password Policy

Wrapping Up

As you can see, the enrollment is very straightforward, and the compliance policies are simple to set and easy to start enforcing. I didn’t face any issues enrolling the VM. I believe Microsoft will work towards making the enrollment an automatic one, like it is in Windows, and also towards configuration profiles that allow more management options.
