(25) Managing Linux with Intune
- Mr B SOE way
- Oct 31, 2022
I thought I would try this out, and gave it a shot for myself. The process of setting this up is straightforward.
This post is broken down into:
Step 1: Installing Linux Desktop for Intune – Ubuntu Desktop 22.04
Step 2: Install Microsoft Edge for Linux
Step 3: Get the Microsoft Intune app for Linux
Step 4: Enroll Linux device in Intune
Step 5: Create Device Compliance and Dynamic Group
Step 1: Installing Linux Desktop for Intune – Ubuntu Desktop 22.04
1. Navigate to https://releases.ubuntu.com/22.04/ and download the latest version of Ubuntu Desktop.
2. Open up Hyper-V Manager, mount the ISO. Select Create Virtual Machine.

3. Once it has been created, select Edit Settings.

4. Go to Secure Boot and change the setting to Microsoft UEFI Certificate Authority.

5. Begin the installation and follow the steps in the setup process.



Select Restart Now.

Step 2: Install Microsoft Edge for Linux
1. Navigate to https://www.microsoft.com/en-us/edge and download the Microsoft Edge (.deb)

2. Once downloaded, select Open with Software Install.

3. Select Install.

4. Next verify that Edge has been installed.

Step 3: Get the Microsoft Intune app for Linux
1. Next, launch the Terminal app and run sudo apt install curl gpg, entering your password when prompted.

2. Next run lsb_release -a to determine the Ubuntu release.

3. Once you know which version of Linux you have, you must use the commands below to install the Microsoft package signing key. Open up Terminal, copy and paste the commands to run it.
For Ubuntu 20.04, install the Microsoft package signing key using the following commands.
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
sudo rm microsoft.gpg
For Ubuntu 22.04, install the Microsoft package signing key using the following commands.
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
sudo rm microsoft.gpg
4. Next, in the same terminal, refresh the package lists so the newly added Microsoft repository is picked up:
sudo apt-get update

5. Next, run sudo apt install intune-portal in Terminal to install the Microsoft Intune app.

6. Ensure that the Microsoft Intune app is installed.
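
A check you could run after the Step 3 commands, added here as an example (it is not part of the original post or of Microsoft's instructions): it confirms that the source entry pins the repository to the keyring with signed-by, that the HTTPS URL and codename match the Ubuntu release, and that the keyring is not group- or world-writable. The function name check_apt_source and its optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an apt source entry of the form written in Step 3.
# Usage: check_apt_source LIST_FILE UBUNTU_VERSION [ROOT_PREFIX]
#   ROOT_PREFIX (assumption) lets the check run against a staged copy of the
#   filesystem; leave it empty on a real host.
check_apt_source() {
    list=$1 version=$2 root=${3:-}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Codename that belongs to each release covered in the post.
    case $version in
        20.04) codename=focal ;;
        22.04) codename=jammy ;;
        *) echo "FAIL: unsupported version $version" >&2; return 2 ;;
    esac

    # First active (non-comment) deb line in the file.
    entry=$(grep -E '^deb[[:space:]]' "$list" 2>/dev/null | head -n 1)
    [ -n "$entry" ] || { echo "FAIL: no deb entry in $list" >&2; return 2; }

    # signed-by ties this repository to one keyring file.
    key=$(printf '%s\n' "$entry" | sed -n 's/.*signed-by=\([^] ]*\).*/\1/p')
    [ -n "$key" ] || fail "no signed-by option"

    # The URL must be HTTPS and the version/codename pair must agree.
    want="https://packages.microsoft.com/ubuntu/$version/prod $codename main"
    case $entry in
        *" $want") ;;
        *) fail "expected '$want'" ;;
    esac

    # The keyring must exist and must not be writable by group or others.
    if [ -n "$key" ]; then
        if [ ! -f "$root$key" ]; then
            fail "keyring $key missing"
        elif [ -n "$(find "$root$key" \( -perm -020 -o -perm -002 \))" ]; then
            fail "keyring $key is group/world writable"
        fi
    fi
    return $rc
}
```

On the enrolled machine, call it as check_apt_source /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list 22.04 with no third argument; a non-zero exit status means at least one check failed.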

Step 4: Enroll Linux device in Intune
1. Select Sign In.

2. Enter the UPN and password for the account you wish to enrol with.


3. Next select Register.

4. You will get an authentication approval when prompted.

5. You will be prompted to set up the following; select Begin.

6. Select Begin.

7. Once the device has been registered, it then checks the status to ensure it meets the requirements.

8. Now it's compliant.

9. Navigate to https://endpoint.microsoft.com, select Devices, then Linux, and you will see the device is now enrolled.

Step 5: Create Device Compliance and Dynamic Group
1. Navigate to https://endpoint.microsoft.com, select Devices, then Linux.
2. Select Compliance Policies, then create Compliance Policy.
3. Enter a name for the Compliance Policy.

4. From the Settings Catalog, choose any of the desired settings.

5. Create a Dynamic Group with the following:
Group Type: Security
Group Name: Linux - All Corporate Devices
Membership type: Dynamic Device
Select Add dynamic query

6. The required rule syntax is:
(device.deviceOSType -eq "Linux")
Select Validate and add the Linux virtual machine that is enrolled to validate. Select Save.

7. Assign the Compliance policy to the recently created dynamic group.

8. Run the Intune Portal app on the Linux box again; it will check the status and confirm it is compliant.
