Microsoft announced great news: Endpoint Manager Intune Linux support. The MEM Intune Linux support is for Linux Desktop experience scenarios. This is a good step forward to add additional support scenarios for MEM and other Microsoft ecosystem products.
As per the Ignite 2021 November edition presentation, Linux support is coming to Intune with many collaborative efforts with Azure AD Conditional Access and the Microsoft Edge team. I think this is a good starting point, and the features related to Linux support will get more interest in the coming days.
I was assuming that Microsoft would announce something related to Google Chromebook management support with MEM Intune. But Google Chromebook support was not announced; instead, I see the Linux desktop experience is announced. Well, you might need to wait further to get Intune support for Chromebook!
The Linux Workstation support preview with Microsoft Unified Endpoint Manager solution will be available from early 2022. Microsoft is planning to add a Custom Compliance Policy for Linux. However, there are no timelines announced for this feature yet.
Intune Linux Support Details – Scenarios
Microsoft stopped the Linux client support for MEM ConfigMgr (aka SCCM) a few years ago. Now, you can see that Linux support is coming back with MEM Intune. The following are the two initially supported scenarios, or personas, for Linux Workstation support in Endpoint Manager.
The Engineer Scenario – A developer or an engineer wants to use Linux desktops or workstations to access corporate resources such as Office 365 apps and the Wi-Fi network. You would be able to access corporate resources using the Microsoft Edge browser.
IT Admin Scenario – IT admins need to be able to ensure these Linux devices are compliant and to mitigate issues with antivirus applications, etc. It also helps IT admins deploy software and scripts, and keep Linux workstations up to date with Intune and Azure AD Conditional Access controls.
Azure AD Conditional Access Support for Linux Devices
This section will discuss the topics that Microsoft explained in the Ignite 2021 Nov edition related to the Linux workstation support scenario. The Azure AD Conditional Access policy helps IT admins identify the genuine users/devices trying to access corporate resources.
The following is the process flow explained in terms of the Linux support scenario. The Microsoft team helped us understand this process flow in the presentation at Ignite 2021. More details are available in the resources section of the blog post.
- The user tries to access Microsoft 365 solutions (aka Office web apps) in Microsoft Edge from a supported Linux Desktop experience PC.
- The user gets redirected to download and install the Intune agent for Linux desktop experience PCs.
- Azure AD registration of the Linux device happens. The Linux PC record will be available in the Azure AD Devices blade.
- Intune enrollment of the Linux device happens as the next step.
- Now, Intune checks the compliance rules, and the Azure AD Conditional Access policy gives access to corporate resources if the device is compliant.
Intune Enrollment Experience for Linux PCs
Let’s see Intune Enrollment Experience for Linux PCs. Microsoft announced that Intune support for Linux is coming in early 2022. However, this is not the General Availability of Linux Desktop experience support from Microsoft Endpoint Manager Intune.
The GA of this feature is going to take more time (maybe another year or so). Also, Microsoft explained in the short demo the Intune enrollment experience for the first release of Linux support. This is the first version of Intune Linux Support.
As mentioned above, the user will get redirected to download Intune Linux Agent with the help of the Azure AD conditional access policy. Download the Intune agent for Linux and install it. You will have to log in to the Company portal using corporate credentials to start the enrollment process of Linux PC.
You will need to click on the Begin button to start the end-to-end process. The privacy screen shows the user all the information that the organization can see or do. Click on the Next button to continue with the setup.
Device registration is the next step after reviewing the privacy information.
Once the Azure Active Directory Device registration is complete, you will see the Linux device record in the AAD Devices node. After the Azure AD registration, you would see that Intune evaluates the compliance rule set by Microsoft Endpoint Manager admins for Linux PCs.
Once the Linux PC can complete the compliance check successfully, the Intune and Azure AD conditional access policy will allow the device to access corporate resources like Microsoft Teams, Outlook (OWA), etc.
NOTE! – I don’t see any details about the Intune supported Linux OS list. I can only see Ubuntu 20.04 LTS as the OS that Microsoft used for the Ignite demo.
Intune Supported Features for Linux Clients
In this section, you will get more details of Intune Supported Features for Linux Clients. Microsoft announced some interesting features with the public preview release of Linux workstation support in early 2022. I don’t think Microsoft is ready with Chromebook MEM Intune Management.
NOTE! – I don’t think the Linux thin client (for example, iGel) devices will be supported in the first release. We will need to wait and see what other features are coming with later releases – similar to the custom compliance policy for Linux.
- Enroll Linux Desktops with Endpoint Manager and AAD
- Target/Enforce compliance policies
- Required Linux Distribution types and versions
- Set Password complexity for Linux PCs
- Encryption related policy for Linux PCs
- Reporting in Endpoint Manager Portal
- Ensure Antivirus Software is enabled
- Deploy Custom Scripts
- Apply Wi-Fi profiles and Certificates
- Use Conditional Access to grant web app usage based on device compliance
- Video – https://techcommunity.microsoft.com/t5/video-hub/manage-linux-devices-with-microsoft-endpoint-manager/ba-p/2911262
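The compliance items in the feature list above (distribution type and version, password complexity, encryption) can be spot-checked locally on a workstation before enrollment. The following is an added example, not code from Microsoft or the Intune agent; the policy thresholds, function names and sample inputs are constructed assumptions, with Ubuntu 20.04 taken from the demo OS named above.

```python
# Constructed sample inputs (not captured from a real device).
SAMPLE_OS_RELEASE = 'NAME="Ubuntu"\nID=ubuntu\nVERSION_ID="20.04"\n'
SAMPLE_PWQUALITY = "# pwquality.conf\nminlen = 8\n# minclass = 3\n"
# Shape of `lsblk -rno NAME,TYPE,MOUNTPOINT` output (constructed).
SAMPLE_LSBLK = "sda disk \nsda1 part /boot\nsda2 part \nroot_crypt crypt /\n"
# Hypothetical policy values; only Ubuntu 20.04 LTS is named on the page.
POLICY = {"allowed": {("ubuntu", "20.04")}, "min_password_length": 12}


def parse_kv(text):
    """Parse KEY=VALUE lines, skipping comments and stripping quotes."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip().strip('"\'')
    return out


def root_is_encrypted(lsblk_text):
    """True when the device mounted at / is a dm-crypt mapping."""
    # Limitation: LVM-on-LUKS (type "lvm" at /) needs a parent walk instead.
    for line in lsblk_text.splitlines():
        fields = line.split(" ")
        if len(fields) >= 3 and fields[2] == "/":
            return fields[1] == "crypt"
    return False


def evaluate(os_release, pwquality, lsblk, policy=POLICY):
    """Return (compliant, reasons) for the three local checks."""
    reasons = []
    osr = parse_kv(os_release)
    distro = (osr.get("ID", "").lower(), osr.get("VERSION_ID", ""))
    if distro not in policy["allowed"]:
        reasons.append("distribution %s %s not allowed" % distro)
    minlen = parse_kv(pwquality).get("minlen", "")
    # Fail closed: a missing or commented-out minlen counts as non-compliant.
    if not minlen.isdigit() or int(minlen) < policy["min_password_length"]:
        reasons.append("password minlen below %d" % policy["min_password_length"])
    if not root_is_encrypted(lsblk):
        reasons.append("root filesystem not on an encrypted volume")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(evaluate(SAMPLE_OS_RELEASE, SAMPLE_PWQUALITY, SAMPLE_LSBLK))
```

On a real host the three inputs would come from `/etc/os-release`, `/etc/security/pwquality.conf` and the `lsblk` command shown in the comment.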
Anoop is a Microsoft MVP! He is a Solution Architect on enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.…