This post guides you through creating a Linux compliance policy in the Intune portal. By configuring a compliance policy for Linux devices in Intune, you define the set of rules and settings a device must meet to be considered compliant.
Compliance policy configuration is an important design decision when managing devices with Intune. Together with Conditional Access policies, Intune compliance policies are the first layer of protection before access to corporate applications is granted.
You can now enroll your personal Linux device in Intune to get access to work or school resources through the Microsoft Edge browser. Intune supports the following Linux devices:
- Ubuntu Desktop 22.04 or 20.04 LTS
- A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)
It is recommended to enable encryption when you first install Ubuntu Desktop on your device. Your organization may require your device to be encrypted, and it’s easiest to encrypt the device during OS installation.
Expanding on Intune’s built-in device compliance options, you can use custom compliance settings in policies for managed Linux devices. Custom settings let you base compliance on settings available on the device without waiting for Intune to add those settings.
Custom compliance policies in Intune let IT admins write their own Bash scripts to evaluate the attributes of Linux endpoints that matter most to their organization, so organizations can cover their specific compliance scenarios.
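As an added example (not from the original post and not Microsoft's code), here is what the two halves of a custom compliance policy look like in practice: a Bash discovery script that prints a flat JSON object of setting values to stdout, the matching rules file in the JSON format Intune documents for custom compliance (a Rules array of SettingName, Operator, DataType, Operand, MoreInfoUrl and RemediationStrings), and a small local checker that applies the same operators so you can dry-run the pair before uploading it. The checker is an approximation written for this example; Intune evaluates the rules file on its own side. The setting names (FullDiskEncryption, SshPermitRootLogin, KernelVersion) and the MoreInfoUrl values are hypothetical, and the live checks assume an Ubuntu host with lsblk, sshd and uname available.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a custom compliance discovery
# script for a managed Linux device plus a local dry-run of the rules file
# that goes with it. Setting names and the MoreInfoUrl values are hypothetical.
set -u

# Print the JSON a discovery script must emit: one flat object of
# setting name -> value. Values are parameters so the function also runs
# off-device; gather_live below collects them on a real Ubuntu host.
build_discovery_json() {
  printf '{"FullDiskEncryption": %s, "SshPermitRootLogin": "%s", "KernelVersion": "%s"}\n' \
    "$1" "$2" "$3"
}

# Collect the live values: a LUKS mapping in lsblk, the effective sshd
# PermitRootLogin (needs root; "unknown" otherwise), and the kernel release.
gather_live() {
  local fde=false ssh_root
  if lsblk -o TYPE 2>/dev/null | grep -q '^crypt$'; then fde=true; fi
  ssh_root=$(sshd -T 2>/dev/null | awk '$1=="permitrootlogin"{print $2}')
  build_discovery_json "$fde" "${ssh_root:-unknown}" "$(uname -r)"
}

# Write the matching rules file in the JSON format Intune documents for
# custom compliance (Rules array of SettingName/Operator/DataType/Operand).
write_rules_file() {
  cat > "$1" <<'EOF'
{ "Rules": [
  { "SettingName": "FullDiskEncryption", "Operator": "IsEquals", "DataType": "Boolean", "Operand": true,
    "MoreInfoUrl": "https://example.invalid/fde",
    "RemediationStrings": [ { "Language": "en_US", "Title": "Disk encryption required",
      "Description": "Reinstall with LUKS full-disk encryption enabled." } ] },
  { "SettingName": "SshPermitRootLogin", "Operator": "IsEquals", "DataType": "String", "Operand": "no",
    "MoreInfoUrl": "https://example.invalid/ssh",
    "RemediationStrings": [ { "Language": "en_US", "Title": "Root SSH login must be off",
      "Description": "Set PermitRootLogin no in sshd_config and restart ssh." } ] },
  { "SettingName": "KernelVersion", "Operator": "GreaterEquals", "DataType": "Version", "Operand": "5.15.0",
    "MoreInfoUrl": "https://example.invalid/kernel",
    "RemediationStrings": [ { "Language": "en_US", "Title": "Kernel too old",
      "Description": "Install pending kernel updates and reboot." } ] }
] }
EOF
}

# Read one scalar from the flat discovery JSON (quoted string or bare literal).
json_get() {
  printf '%s' "$1" | sed -n "s/.*\"$2\": *\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p"
}

# Compare dotted versions, ignoring a "-suffix": prints 0 (equal), 1 (a>b), 2 (a<b).
vercmp() {
  local a="${1%%-*}" b="${2%%-*}" x y
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return 0; }
    [ "${x:-0}" -lt "${y:-0}" ] && { echo 2; return 0; }
    case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  echo 0
}

# Apply one rule (SettingName, Operator, Operand) to the discovery output the
# way the rules file expresses it. Returns 0 when the setting is compliant.
check_rule() {
  local actual
  actual=$(json_get "$1" "$2")
  case "$3" in
    IsEquals)      [ "$actual" = "$4" ] ;;
    NotEquals)     [ "$actual" != "$4" ] ;;
    GreaterEquals) [ -n "$actual" ] && [ "$(vercmp "$actual" "$4")" != 2 ] ;;
    *)             return 2 ;;
  esac
}

# Dry-run all three rules against a discovery result; lists failures, returns 1 if any.
evaluate_all() {
  local failed=0
  check_rule "$1" FullDiskEncryption IsEquals true   || { echo "noncompliant: FullDiskEncryption"; failed=1; }
  check_rule "$1" SshPermitRootLogin IsEquals no     || { echo "noncompliant: SshPermitRootLogin"; failed=1; }
  check_rule "$1" KernelVersion GreaterEquals 5.15.0 || { echo "noncompliant: KernelVersion"; failed=1; }
  return $failed
}

# On a device, the uploaded script would simply run gather_live; here it is
# behind a flag so the functions can be sourced and dry-run anywhere.
case "${1:-}" in
  --live)    gather_live ;;
  --dry-run) evaluate_all "$(build_discovery_json true no "$(uname -r)")" ;;
esac
```

Run it with --live on an enrolled Ubuntu device to see the JSON the discovery script would hand to Intune, or with --dry-run to check the current kernel against the rules locally. Keep the discovery script's stdout limited to that single JSON object; any extra output breaks the match against the rules file.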
Create Linux Compliance Policy in Intune
Before you create a Linux compliance policy in Intune, you must enroll the Linux devices in Intune tenant. Let’s check how you can create compliance policy in Intune for Linux devices.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com.
- Select Devices > Compliance policies > Policies > Create Policy.
Under Create Policy, select Platform: Linux and Profile: Settings catalog, then click Create.
On the Basics tab, specify a Name that helps you identify the policy later, for example Password Policy for Linux devices. Optionally add a Description, then click Next.
On the Compliance settings tab, select Add settings. Expand the available categories, and configure settings for your policy. The profile type uses settings from the Settings catalog.
Expand each available category and select the settings you want to include in your policy. You will have the following compliance options available for Linux management.
- Allowed Distros
  - Maximum Version
  - Minimum Version
- Custom Compliance
  - Discovery Script
  - Rules file
- Device Encryption
- Password Policy
  - Minimum Digits
  - Minimum Length
  - Minimum Lowercase
  - Minimum Symbols
  - Minimum Uppercase
For example, I selected Password Policy; under it you can see the 5 available settings. I am going to choose all the options in the settings picker.
All the settings are shown and configured with a default value. Select the minus if you don’t want to configure a setting.
Clicking the information icon next to each setting displays tooltip text together with the accepted values, so you can understand exactly what the setting does when configured. Specify the values according to your organization’s password policy requirements.
On the Actions for noncompliance tab, specify a sequence of actions to apply automatically to devices that don’t meet this compliance policy.
On the Review + create tab, review the settings and select Create when ready to save the compliance policy. The users or devices targeted by your policy are evaluated for compliance when they check in with Intune.
Intune uses different refresh cycles to check for updates to compliance policies. If the device is recently enrolled, the check-in runs more frequently.
Device compliance reports are meant to be broad and provide a more traditional reporting view of data to identify aggregated metrics. This report is designed to work with large datasets to get a full device compliance picture.
When you check the Linux devices in the Intune portal, you will see the compliance status Compliant for the devices you targeted.
Once a Linux PC completes the compliance check successfully, Intune and the Azure AD Conditional Access policy allow the device to access corporate resources such as Microsoft Teams and Outlook (OWA).
Here’s how you can export Intune device compliance policies from the Intune portal. You have two ways to reach the compliance policies node: through the Devices node or through Endpoint security. See Export Intune Device Compliance Policies.