(26) Blocking Linux Intune Enrolment

  • Writer: Mr B SOE way
  • Nov 9, 2022

In the previous post I covered how to enrol your Linux device into Intune.


What if you don't want Linux devices to be enrolled into Intune, which also ties into Conditional Access Policy? You might think the easiest way would be to update the "Enrolment device platform restrictions"; unfortunately, this option does not exist for Linux yet.

This is why a Conditional Access Policy will need to be created.


This post is broken down into:

Step 1: Create Conditional Access Policy

Step 2: Testing on Linux Device

Step 3: Viewing Conditional Access Logs

Step 1: Create Conditional Access Policy


2. Enter the following for the Conditional Access Policy.

Name: Baseline Policy: Block Linux Enrolment

Users or workload identities: All users (optional: pilot group)

Cloud apps or actions: Select Apps: Microsoft Intune enrollment










3. Under Conditions, select Device Platforms then select Configure (Yes) and tick "Select device platforms" and select Linux.


Under Grant, select Block access.

4. Select Create, then select On for Enable policy.
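The same policy can also be created through Microsoft Graph instead of the portal. The script below is an added example, not part of the original post: it assumes the Microsoft Graph PowerShell SDK is installed, and `$PilotGroupId` and `$State` are hypothetical parameters introduced here for the optional pilot group and the enable state.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns
param(
    # Hypothetical parameter: object ID of a pilot group. Leave empty to target all users.
    [string]$PilotGroupId = '',
    # 'enabled' matches "Enable policy: On"; 'enabledForReportingButNotEnforced' is report-only.
    [ValidateSet('enabled', 'disabled', 'enabledForReportingButNotEnforced')]
    [string]$State = 'enabled'
)

$policyName = 'Baseline Policy: Block Linux Enrolment'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Resolve the cloud app by display name instead of hard-coding an app ID.
# If the service principal is missing from the tenant, stop rather than create a policy with no target.
$app = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Intune Enrollment'" |
    Select-Object -First 1
if (-not $app) {
    throw "Service principal 'Microsoft Intune Enrollment' was not found in this tenant."
}

# Do not create a duplicate when the script is run twice.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object DisplayName -eq $policyName
if ($existing) {
    Write-Warning "Policy '$policyName' already exists (Id: $($existing.Id)). Nothing created."
    return
}

# Users or workload identities: all users, or only the pilot group.
$users = if ($PilotGroupId) { @{ includeGroups = @($PilotGroupId) } }
         else               { @{ includeUsers  = @('All') } }

$body = @{
    displayName   = $policyName
    state         = $State
    conditions    = @{
        users          = $users
        applications   = @{ includeApplications = @($app.AppId) }   # Cloud apps: Microsoft Intune Enrollment
        platforms      = @{ includePlatforms = @('linux') }         # Device platforms: Linux only
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }  # Grant: Block access
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $body |
    Select-Object Id, DisplayName, State
```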


Step 2: Testing on Linux Device

1. On the Linux device, open Intune Company Portal, select Sign In.



















2. Log in with your UPN and password, then select Sign In.

3. It asks to load the wizard for enrolling the device.

4. It will then show that Linux cannot be enrolled.

Step 3: Viewing Conditional Access Logs

1. Navigate to https://endpoint.microsoft.com/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/signInlogs, select Sign-in logs then select User sign-in (non-interactive)



 
 
 
