My morning coffee hit me in a very different way this morning. I’ve been sitting on the whole Linux enrollment feature introduced a few weeks ago, and this morning I thought I needed to do it. This is an early look at Linux enrollment and at the Compliance Policies that are available from Intune.
What will I be covering? 👇🏽
Linux Device Enrollment
Supported Linux Flavours
- Ubuntu Desktop 22.04 or 20.04 LTS
- A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)
Prerequisites
- Microsoft Edge web browser, version 102.X or later: The Edge browser is used to access your organization’s websites and other online resources.
- Microsoft Intune app: The Linux version of the Microsoft Intune app is used for enrollment. The Intune app registers your device with your org and enrolls it in Intune.
How to Install the Microsoft Intune App
Follow this link for more; the same commands are reproduced below.
Install Curl.
$ sudo apt install curl gpg
Install the Microsoft package signing key
For Ubuntu 20.04:
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
$ sudo rm microsoft.gpg
For Ubuntu 22.04:
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
$ sudo rm microsoft.gpg
Install the Microsoft Intune app
$ sudo apt update
$ sudo apt install intune-portal
Reboot your device
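To confirm the result of the key and repository steps above, here is an added example (not from the original post and not Microsoft tooling) that audits an apt source file: every deb line must be pinned with signed-by, and the keyring must exist, have the expected owner, not be group/world-writable, and be in binary (dearmored) form. The names `audit_apt_source`, `finding` and `KEYRING_UID` are introduced here for illustration.

```shell
#!/bin/sh
# Added example: audit apt source files such as
# /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list.
# KEYRING_UID is a hypothetical override so the check can be tried on
# constructed files not owned by root; the default 0 matches "install -o root".

finding() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Prints one line per problem; the return status is the number of problems.
audit_apt_source() {
    file=$1; findings=0
    while IFS= read -r line; do
        case $line in 'deb '*|'deb-src '*) ;; *) continue ;; esac
        # Options live in the [...] block after the type, space separated.
        opts=$(printf '%s\n' "$line" | sed -n 's/^[^ ]* *\[\([^]]*\)].*/\1/p')
        keyring=$(printf '%s\n' "$opts" | tr ' ' '\n' | sed -n 's/^signed-by=//p')
        if [ -z "$keyring" ]; then
            finding "no signed-by: every key apt trusts globally may sign this repo"
            continue
        fi
        if [ ! -f "$keyring" ]; then
            finding "keyring missing: $keyring"
            continue
        fi
        # A writable keyring lets a local user swap in their own signing key.
        if [ -n "$(find "$keyring" \( -perm -020 -o -perm -002 \))" ]; then
            finding "keyring is group/world writable: $keyring"
        fi
        if [ -n "$(find "$keyring" ! -user "${KEYRING_UID:-0}")" ]; then
            finding "keyring has unexpected owner: $keyring"
        fi
        # apt expects *.gpg to be binary; armored text means --dearmor was skipped.
        case $keyring in *.gpg)
            if head -c 14 "$keyring" | grep -q '^-----BEGIN PGP'; then
                finding "ASCII-armored key stored as .gpg: $keyring"
            fi ;;
        esac
    done < "$file"
    return "$findings"
}

# Run against the files given on the command line, e.g.
#   sh audit.sh /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list
for f in "$@"; do audit_apt_source "$f" || echo "$f: $? finding(s)"; done
```

An exit status of 0 from `audit_apt_source` means the entry matches what the install commands above are meant to produce.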
Device Enrollment Steps
As you can see below, open the Intune app and Sign in

Enter your credentials and complete the sign-in process

Registration will continue with the enrollment as below




Once completed, the app will show the below details

If you need to remove the device, click on the 3 lines on the right-hand side and select Remove Device

How to check Intune?
Go to Intune Portal > Devices > Linux

You will now see the enrolled Linux device in the list

Check further details about the device

Azure AD Devices Section


Compliance Policies for Linux-Based Devices
Currently, there are only a few Compliance Policies available in the Intune Portal, and they come from the Settings Catalog > Settings Picker section. Let’s look at what’s available here.

Since there are only a few at the moment, let’s look at each compliance policy in turn:
Allowed Distros

Require Custom Compliance

This section gives you the options below: you can set it up from a reusable setting or use a rule file created in JSON format.

Device Encryption

Password Policy

Wrapping Up
As you can see, the enrollment is very straightforward, and the compliance policies are simple to set and easy to start enforcing. I didn’t face any issues enrolling the VM. I believe Microsoft will work towards making the enrollment an automatic one like how it is in Windows, and also towards configuration profiles that can allow more management options.