Complete Guide to Managing Linux with Intune

This article is a complete guide to managing Linux with Intune. I will show you how to enroll Linux devices into Intune and manage them to make sure they are compliant. You can now sign up your personal Linux device for Microsoft Intune and use Microsoft Edge to get secure access to work or school resources.

Most of us know that you can enroll and manage Windows, Mac, iOS, and Android devices with Microsoft Intune. Many people may have thought that Intune already supports the management of Linux-based devices, but it’s a newly added capability. With the October 2022 Intune updates, you can enroll and manage Linux devices in Intune, which increases security and enables quality collaboration for Linux desktops.

With the announcement made by Microsoft at Ignite 2022, Linux desktop management in Microsoft Intune is now generally available. This means that you can use Microsoft Intune to sign up and register your own Linux device on your company’s network. Below is the announcement about the management and compliance checks for Linux desktops made by Microsoft:

The Intune, Microsoft Entra, and Microsoft Edge teams have partnered together to bring support for device registration, endpoint management, and secure web access to Microsoft 365 and Microsoft Azure resources for Linux Ubuntu LTS. With the October release of Microsoft Intune, organizations will be able to include Linux desktops as endpoints in their device management and security workloads. IT will be able to manage Linux devices alongside Windows, Mac, iOS, and Android devices and reduce the risk of breach by ensuring only compliant devices access company resources.

Microsoft Announcement on Linux Management with Intune

With Intune’s support for Linux devices, organizations will be able to manage Linux desktops with the same integrated solution they use to manage other endpoints. You can make sure that these Linux endpoints are compliant so that they can use the same security settings and policies to gain secure access to corporate resources.

Compared to Linux, the process of enrolling Windows devices in Intune is simple and straightforward. Moreover, there are multiple methods that one can use to add Windows devices to Intune. With Linux, there is currently only one way to enroll the devices, and it may seem a bit complex initially.

On the same note, that reminds me of managing Linux devices using SCCM. Support for managing Linux devices using Configuration Manager ended long ago. The interesting thing is that, after many years, Microsoft is talking about Linux management with Intune.

Intune Support for Linux Platforms

Now that we know Intune supports Linux devices, the first release of Linux management in Intune will include the following functionalities:

  • Enrollment of Ubuntu LTS (22.04, 20.04) desktops
  • Conditional Access policies protecting web applications via Microsoft Edge
  • Standard compliance policies
  • Support for Bash scripts for custom compliance policies

If your tenant is flighted, then you will see the new Linux entry on the Devices menu in the Intune portal. Sign in to the Intune portal and select “Devices.” Under Device Platform, you will find a new entry called “Linux”, which confirms that you can enroll and manage Linux devices in Intune.

Intune Support for Linux Platforms

System Requirements for Linux Enrollment in Intune

Before you enroll Linux devices in Intune, note that device enrollment is supported on devices with:

  • Ubuntu Desktop 22.04 or 20.04 LTS
  • A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)
  • Microsoft recommends enabling encryption when you first install Ubuntu Desktop on your device. Your organization may require your device to be encrypted, and it’s easiest to encrypt the device during OS installation.

Note: Ubuntu LTS versions 22.04 and 20.04 will be the first Linux desktop operating systems supported for Intune management. However, in the future, other Linux OS distributions will be supported by Intune.

Prerequisites for Adding Linux Devices in Intune

If you want to add Linux devices to Intune, you must first install the following apps on the device:

  • Microsoft Edge web browser, version 102.X or later: The Edge browser is used to access your organization’s websites and other online resources.
  • Microsoft Intune app: The Linux version of the Microsoft Intune app is used for enrollment. The Intune app registers your device with your org and enrolls it in Intune. You also need the enrollment QR code that’s provided by your organization.

Managing Linux with Intune

The high-level steps for managing Linux with Intune involve the following.

  1. Install the Linux Desktop for Intune (for example, Ubuntu Desktop)
  2. Download and Install Microsoft Edge for Linux
  3. Get the Microsoft Intune app for Linux
  4. Register Linux Devices in Microsoft Intune
  5. Verify the Registered Devices in Intune Portal

In this article, I’ll go over each of the aforementioned steps in detail and provide instructions to help Intune administrators enroll Linux devices. If you run into any bugs or problems along the way, please let me know in the comments, and I’ll do my best to fix it.

Step 1: Installing Linux Desktop for Intune – Ubuntu Desktop 22.04

In this tutorial, I’ll show you how to install Ubuntu Desktop on your laptop or desktop computer. You must first download the Ubuntu Desktop ISO file by visiting the downloads section. Microsoft says that Intune for Linux will work with Ubuntu Desktop 22.04 or 20.04 LTS OS. So, I think that Intune would also be able to enroll Ubuntu Desktop 22.04 or 20.04 LTS and later versions.

You’ll need a laptop or PC with at least 25 GB of storage space to install Ubuntu Desktop. You’ll also need a flash drive (8 GB as a minimum, 12 GB or above is recommended).

I will install Linux Desktop on a virtual machine, which I will then use to sign up for Intune. This is the best way to test and get hands-on experience with Linux management in Intune. You may choose to install it on a desktop or laptop. Mount the Ubuntu desktop ISO file and let the setup begin. On the Install page, select the keyboard layout and click Continue.

Installing Linux Desktop for Intune – Ubuntu Desktop 22.04

The best part about the Ubuntu desktop is that it lets you download the updates while installing the operating system. This ensures the OS is patched with the latest updates. You must also enable the option “Install third-party software for graphics and Wi-Fi hardware and additional media formats”. Click Continue.

Installing Linux Desktop for Intune – Ubuntu Desktop 22.04

On the Installation Type page, select Erase disk and install Ubuntu. Click “Install Now.”

Installing Linux Desktop for Intune – Ubuntu Desktop 22.04

Enter the account name, computer name, and username and enter a complex password. Click Next.

Installing Linux Desktop for Intune – Ubuntu Desktop 22.04

The Ubuntu installation begins and takes approximately 10-15 minutes to complete. You must restart the computer to complete the installation.

Restart the Linux Desktop

Step 2: Install Microsoft Edge for Linux

To add Linux devices to Intune, Microsoft Edge should be installed on the device and used as the browser to access company resources. On the Ubuntu desktop, you will find the Firefox browser pre-installed, and you can use the same to download the Microsoft Edge browser.

To install Edge browser on Ubuntu, open the Firefox browser and go to https://www.microsoft.com/en-us/edge and download the Debian/Ubuntu (.deb) installation. When prompted, click the Accept and Download button.

Install Microsoft Edge for Linux

The Microsoft Edge .deb install file downloads to the default download location on Linux. Open the .deb file and choose whether you want to open it with Archive Manager or Software Install. I am going to select the Software Install option here.

Install Microsoft Edge for Linux

Click the “Install” button to install the latest version of the Microsoft Edge browser on Ubuntu Desktop.

Install Microsoft Edge for Linux

Upon the completion of Edge browser installation, click Show Applications and in the search box type “Edge” and this should list Microsoft Edge in the search results. This completes the steps to install Edge for Linux.

Install Microsoft Edge for Linux

Step 3: Get the Microsoft Intune app for Linux

Before you enroll Linux devices in Intune, you must install the Intune app. The Intune app installs an agent that lets you enroll the device in Intune. The Microsoft Intune app package is available at https://packages.microsoft.com/.

There are a few commands that you need to run on a Linux device before you can install the Intune app on it. To use these commands, ensure you use an account that has the privileges to install programs on your Linux distro.

Install Curl on Linux Device

You must use the Terminal app to run some commands during the installation of the Intune app for Linux. Make sure you are logged in with a user account that has the ability to install software. The first step is to install curl. Click on Show Applications and launch the Terminal app. In the Terminal window, enter the command below to install Curl. The same command also installs gpg, which the signing key step uses.

$ sudo apt install curl gpg
Install Curl on Linux for Intune App

When installing Curl, if you are asked for the password, enter it and continue with the installation. From the terminal output, we see that Curl is installed on the Linux machine.

Install Curl on Linux for Intune App

Determine the Ubuntu Release

The next steps involve installing the Microsoft package signing key. To do that, you must first determine the release of Ubuntu. You can check the Ubuntu Desktop release you are running with the following command: lsb_release -a

Check the Ubuntu Desktop Release

Install Microsoft Package Signing Key for Linux

Once you know which version of Linux you have, you must use the commands below to install the Microsoft package signing key.

For Ubuntu 20.04, install the Microsoft package signing key using the following commands.

$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'

$ sudo rm microsoft.gpg

For Ubuntu 22.04, install the Microsoft package signing key using the following commands.

$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/

$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'

$ sudo rm microsoft.gpg
Install Microsoft Package Signing Key for Linux
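
The release check and the repository steps above can be combined into one script that derives the source line from the installed release and then audits what was written. This is an added example, not part of the original guide or Microsoft's instructions: the function names are illustrative, and reading /etc/os-release in place of lsb_release is a substitution made here. The audit insists on signed-by because that option limits the Microsoft key to this one repository instead of trusting it for every apt source.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not from the guide.
KEYRING=/usr/share/keyrings/microsoft.gpg

# Print the apt source line for the release described by an os-release
# file (default /etc/os-release); fail on releases the guide does not list.
ms_repo_line() {
    local osr="${1:-/etc/os-release}" id ver code
    id=$(. "$osr" && printf '%s' "$ID")
    ver=$(. "$osr" && printf '%s' "$VERSION_ID")
    code=$(. "$osr" && printf '%s' "$VERSION_CODENAME")
    [ "$id" = ubuntu ] || { echo "not Ubuntu: $id" >&2; return 1; }
    case "$ver" in
        20.04|22.04) ;;
        *) echo "unsupported release: $ver" >&2; return 1 ;;
    esac
    printf 'deb [arch=amd64 signed-by=%s] https://packages.microsoft.com/ubuntu/%s/prod %s main\n' \
        "$KEYRING" "$ver" "$code"
}

# Succeed only if every active line of a sources file is a "deb" entry
# scoped to the Microsoft keyring and served from packages.microsoft.com.
audit_repo_file() {
    local file="$1" line seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        seen=1
        case "$line" in
            "deb [arch=amd64 signed-by=$KEYRING] https://packages.microsoft.com/ubuntu/"*) ;;
            *) echo "unexpected entry: $line" >&2; return 1 ;;
        esac
    done < "$file"
    [ "$seen" -eq 1 ]
}

# Succeed only if the keyring is a regular, root-owned file with mode 644,
# which is how the "install -o root -g root -m 644" step leaves it.
audit_keyring() {
    local f="${1:-$KEYRING}"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ "$(stat -c '%U:%G %a' "$f")" = "root:root 644" ]
}
```

After the repository steps, source the script and run audit_repo_file against the file written under /etc/apt/sources.list.d/, followed by audit_keyring, before running sudo apt update.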

Install Intune App on Linux

After you have installed Curl and the Microsoft package signing key for Linux, the next step is to install the Intune app. As we mentioned previously, the Intune app installs an agent that lets you enroll a Linux device in Intune. Launch the Terminal; the first command that you need to run is sudo apt update, which gets package information from all sources that have been set up.

Install Intune App on Linux

To install the Microsoft Intune app, run the command $ sudo apt install intune-portal. This will download and install the most recent version of the Intune app on your Ubuntu desktop.

Install Intune App on Linux

On your Linux device, click Show Applications and look for the Intune app to find the Microsoft Intune application. If the Microsoft Intune app shows up in the list of installed programs, it means that the app was installed on your Linux device successfully.

Tip: Restart your computer and reinstall the Microsoft Intune app on Linux if you don’t see it listed under installed programs on your Linux device.

After you install the Intune App on Linux, reboot your computer once. This step is recommended by Microsoft too.

Install Intune App on Linux

Step 4: Enroll Linux device in Intune

In this section, we will go through the steps of enrolling a Linux device into Intune. The same procedure applies when you want to enroll multiple Linux devices in Intune. With the help of the Intune app, you can register Linux devices and manage them to make sure they are compliant.

On your Linux device, launch the Microsoft Intune App. The Intune Agent requires signing in to get access to work or school resources and keep them secure. Click on the Sign-in button to begin the enrollment process.

Enroll Linux device in Intune

Sign in with a user account that has an Intune license assigned to it. Enter the organization email address and password and complete the sign-in process.

Enroll Linux device in Intune

You will now be asked to register the device. Click the Register button.

Enroll Linux device in Intune

Click the Begin button to start the device registration process.

Enroll Linux device in Intune

On the next screen, you will see what your organization can see or do when you enroll Linux devices in Intune. The following details are collected by the Intune agent and sent to Microsoft when you enroll a Linux device in Intune.

  • View Model, serial number, and operating system.
  • Names of the apps you’ve installed.
  • Identify the device name.
  • View the information collected by work apps and networks.

Click Begin to continue with the Linux device enrollment.

Enroll Linux device in Intune

Once your Linux device is registered, the device will automatically check for compliance. In the below screenshot, we see the status of the Linux device shows as Compliant. The status shows as “Compliant” because we haven’t configured any Compliance policies in Intune for Linux devices.

Enroll Linux device in Intune

Step 5: View the Registered Linux Devices in Intune Portal

After enrolling the Linux devices into Intune, you can check the devices:

  • Sign in to Microsoft Endpoint Manager (Intune Portal)
  • Navigate to Devices > Linux Devices.
  • Now you can see a list of all the Linux devices enrolled in Intune.
View the Registered Linux Devices in Intune Portal

Wrapping Up

I hope that this step-by-step guide will help you get Linux devices set up and managed with Intune. Administrators can take advantage of the fact that Linux devices can now be enrolled and managed with Intune. We have to wait and watch to see if Microsoft makes it easier to onboard Linux clients into Intune and adds more features in coming months.

3 Comments

  1. Marik Patella says:

    Anyone else notice that after a reboot, the Company Portal does not automatically start?

  2. Joshua Guptill says:

    I notice this only enrolls the device as a corporate device. What about BYOD as personal?

  3. While installing Company Portal I got an error with missing dependencies, so I used the below two commands to solve it:

    sudo apt list --upgradable
    sudo apt update && sudo apt upgrade -y
