Microsoft has silently started rolling out Linux support in Microsoft Intune. Several users reported this on Twitter. The first report came from Twitter user @schenardie for one of the tenants in Australia. Many others also confirmed this on the Twitter thread. More details are below.
Microsoft initially announced Intune support for the Linux platform at Ignite 2021. We can also see Linux nodes appearing in HTMD lab tenants. Microsoft has not yet confirmed the start of Linux support with Intune.
You can now enroll your personal Linux device in Intune to get access to work or school resources using the MS Edge browser. The following are the Linux devices Intune supports:
- Ubuntu Desktop 22.04 or 20.04 LTS
- A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)
Intune Support for Linux Started Rolling out Soon
By the looks of it, the rollout of the Intune support for Linux feature is not complete. The UI for the Linux platform Intune Configuration Policies is not complete yet. You can find more details on the Twitter thread. We also don’t know whether this feature update will be part of the Intune 2209 release.
- Linux node is available now for some of the Intune tenants.
As you can see in the below section, the list of platforms is not available yet. This is why we think this rollout of Linux support with Intune is not fully complete. It’s good news that Linux support is coming soon!
Basic Functionalities of Intune Linux Support
The following initial functionality is planned for the first release of Intune Linux desktop management. I’m sure there will be a lot of improvements in the future, similar to Microsoft Intune Vs Jamf macOS Device Management Enhancements.
- Enroll Linux Ubuntu LTS (22.04 and 20.04) desktops into Intune MEM.
- Enable access to corporate resources via Microsoft Edge
- Conditional Access enforcement in Microsoft Edge
- Standard Compliance policies
  - Linux distribution
  - Device encryption
  - Password complexity
- Bash script support for custom compliance policies
Ignite 2021 Details
Microsoft announced great news: Endpoint Manager Intune Linux support. The MEM Intune Linux support is for Linux Desktop experience scenarios. This is a good step forward that adds support scenarios for MEM and other Microsoft ecosystem products.
As per the Ignite 2021 November edition presentation, Linux support is coming to Intune with many collaborative efforts with Azure AD Conditional Access and the Microsoft Edge team. We think this is a good starting point, and the features related to Linux support will get more interest in the coming days.
We were assuming that Microsoft would announce something related to Google Chromebook management support with MEM Intune. Google Chromebook support was not announced, but the Linux desktop experience was. Well, you might need to wait further to get Intune support for Chromebook!
The Linux Workstation support preview with the Microsoft Unified Endpoint Manager solution will be available from early 2022. Microsoft is planning to add a Custom Compliance Policy for Linux. However, there are no timelines announced for this feature yet.
Intune Linux Support Details – Scenarios
Microsoft stopped the Linux client support for MEM ConfigMgr (aka SCCM) a few years ago. Now, you can see Linux support coming back with MEM Intune. The following are the initial supported scenarios, or personas, for Linux devices. There are two scenarios supported for Linux Workstation support for Endpoint Manager.
The Engineer Scenario – A developer or an engineer wants to use Linux desktops or workstations to access corporate resources such as Office 365 apps and the Wi-Fi network. They would be able to access corporate resources using the Microsoft Edge browser.
IT Admin Scenario – IT admins need to be able to ensure these Linux devices are compliant and to mitigate issues with antivirus applications, etc. It also helps IT admins deploy software and scripts, and keep Linux workstations up to date with updates using Intune and Azure AD Conditional Access controls.
Azure AD Conditional Access Support for Linux Devices
This section discusses the topics that Microsoft explained in the Ignite 2021 November edition related to the Linux workstation support scenario. The Azure AD Conditional Access policy helps IT admins identify the genuine users and devices trying to access corporate resources.
The following is the process flow explained in terms of the Linux support scenario. The Microsoft team helped us understand this process flow in the presentation at Ignite 2021. More Details are available in the resources section of the blog post.
- User Tries to Access Microsoft 365 solutions (aka office web apps) in Microsoft Edge from a supported Linux Desktop experience PC.
- Users will get redirected to download and Install Intune agent for Linux desktop experience PCs.
- Azure AD Registration of the Linux Device will happen. The Linux PC record will be available in the Azure AD Devices blade.
Intune enrollment of the Linux Device will happen as the next step. Now, Intune will check the compliance rules and the Azure AD Conditional Access policy will give access to corporate resources if the device is compliant.
Intune Enrollment Experience for Linux PCs
Let’s see Intune Enrollment Experience for Linux PCs. Microsoft announced that Intune support for Linux is coming in early 2022. However, this is not the General Availability of Linux Desktop experience support from Microsoft Endpoint Manager Intune.
The GA of this feature is going to take more time (maybe another year or so). Also, Microsoft explained in the short demo the Intune enrollment experience for the first release of Linux support. This is the first version of Intune Linux Support.
As mentioned above, the user will get redirected to download Intune Linux Agent with the help of the Azure AD conditional access policy. Download the Intune agent for Linux and install it. You will have to log in to the Company portal using corporate credentials to start the enrollment process of Linux PC.
You will need to click on the Begin button to start the end-to-end process. On the privacy screen, the user will get all the information about what the organization can see or do. Click on the Next button to continue with the setup.
As you can see in the below screenshot, device registration is the next step after reviewing the privacy information.
Once the Azure Active Directory Device registration is complete, you will see the Linux device record in the AAD Devices node. After the Azure AD registration, you would see that Intune evaluates the compliance rule set by Microsoft Endpoint Manager admins for Linux PCs.
Once the Linux PC can complete the compliance check successfully, the Intune and Azure AD conditional access policy will allow the device to access corporate resources like Microsoft Teams, Outlook (OWA), etc.
NOTE! – I don’t see any details about the Intune-supported Linux OS list. I can only see Ubuntu 20.04 LTS as the OS that Microsoft used for the Ignite demo.
Intune Supported Features for Linux Clients
In this section, you will get more details on Intune Supported Features for Linux Clients. Microsoft announced some interesting features with the public preview release of Linux workstation support in early 2022. I don’t think Microsoft is ready with Chromebook MEM Intune Management.
NOTE! – I don’t think the Linux thin client (for example, iGel) devices will be supported in the first release. We will need to wait and see what other features come with later releases – similar to the custom compliance policy for Linux.
- Enroll Linux Desktops with Endpoint Manager and AAD
- Target/Enforce compliance policies
  - Required Linux Distribution types and versions
  - Set Password complexity for Linux PCs
  - Encryption related policy for Linux PCs
- Reporting in Endpoint Manager Portal
- Ensure Antivirus Software is enabled
- Deploy Custom Scripts
- Apply Wi-Fi profiles and Certificates
- User Conditional Access to grant web app usage based on device compliance
Install Intune App on Linux Devices
$ sudo apt install curl gpg
For Ubuntu 20.04:
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/20.04/prod focal main" > /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list'
$ sudo rm microsoft.gpg
For Ubuntu 22.04:
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
$ sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
$ sudo rm microsoft.gpg
Install Intune App for Linux devices
$ sudo apt update
$ sudo apt install intune-portal
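The two release-specific branches above differ only in the version number and codename, so the resulting repository setup can be audited mechanically before `intune-portal` is installed. The shell functions below are an added example, not part of the original post or of Microsoft's tooling; the function names are hypothetical, and the checks assume the keyring path, file mode and repository lines exactly as given in the steps above.

```shell
#!/bin/sh
# Added example: audit the Microsoft apt repository setup described above.
KEYRING=/usr/share/keyrings/microsoft.gpg

# Print the sources.list line this page gives for the release described in
# the os-release file $1; fail for anything other than Ubuntu 20.04 / 22.04.
expected_repo_line() {
    os_id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    os_ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    [ "$os_id" = "ubuntu" ] || return 1
    case "$os_ver" in
        20.04) code=focal ;;
        22.04) code=jammy ;;
        *) return 1 ;;
    esac
    echo "deb [arch=amd64 signed-by=$KEYRING] https://packages.microsoft.com/ubuntu/$os_ver/prod $code main"
}

# Succeed only if the .list file $2 contains exactly the expected entry:
# a single active line, fetched over HTTPS, pinned to the Microsoft keyring.
# Returns 2 when the release in $1 is unsupported.
audit_repo_file() {
    want=$(expected_repo_line "$1") || return 2
    active=$(grep -v '^[[:space:]]*#' "$2" | grep -v '^[[:space:]]*$') || active=""
    [ "$active" = "$want" ]
}

# Succeed only if the keyring $1 is a regular file (not a symlink), has mode
# 644 and is owned by uid $2 (0 on a real host, matching "install -o root").
audit_keyring() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%a %u' "$1")" = "644 $2" ]
}

# Typical use on an enrolled-to-be Ubuntu 22.04 host:
#   audit_repo_file /etc/os-release \
#       /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list &&
#   audit_keyring "$KEYRING" 0 && echo "repository setup matches"
```

A failed audit means the `.list` file carries an extra or altered entry, or the keyring is writable by someone other than root, either of which weakens the `signed-by` pinning the install steps rely on.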
Anoop C Nair is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.