Microsoft Intune supports managing Ubuntu Linux devices, including the latest Ubuntu 24.04. Enrolling these devices gives you a more complete view of all devices within your organization. Linux desktops, in particular, have been a hot topic in many discussions around security and compliance. The journey begins by using Intune to register them in Entra ID, which enables better management and integration. Once enrolled, you can also check the devices for compliance and enforce Conditional Access via Microsoft Edge.
Prerequisites
- Supported Linux Distributions:
  - Ubuntu Desktop 24.04, 22.04, or 20.04 LTS (physical or Hyper-V machines with x86/64 CPUs).
  - Download: https://ubuntu.com/download/desktop
- Microsoft Intune App for Linux:
  - Available from the Microsoft package repository: https://packages.microsoft.com/.
  - The Intune App is essentially a simplified version of the Company Portal App that you may already be familiar with from Windows or macOS.
- Entra ID Credentials:
  - Ensure the user is licensed for Intune.
  - When enrolling into Intune, the device will also be registered in Entra ID.
Install Microsoft Intune App on Ubuntu
- Prepare Your System:
Install the required tools (curl and gpg), then add the Microsoft signing key and package repository:
sudo apt install curl gpg
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/24.04/prod noble main" > /etc/apt/sources.list.d/microsoft-ubuntu-noble-prod.list'
sudo rm microsoft.gpg
- Install the Intune App:
sudo apt update
sudo apt install intune-portal
- Reboot Your Device:
After installation, reboot to ensure all services run correctly.
Enroll Your Device in Intune
- Launch the Intune App:
Open the app from the application menu or via terminal:
intune-portal
- Sign In:
Use your Entra ID credentials to log in and complete the enrollment process.
- Verify Enrollment:
Check the Intune portal to confirm your device is listed under “Devices > All devices.”
Update or Remove the Intune App
- Update:
Keep the Intune app up to date with the following commands:
sudo apt update
sudo apt-get dist-upgrade
- Uninstall:
Remove the app and its configuration data:
sudo apt remove intune-portal
sudo apt purge intune-portal
Common Issues and Fixes
Error: “Something went wrong. Please try again later. [1001]”
This error usually occurs when the device limit for a user in Entra ID has been reached. If you frequently test with VMs and don’t remove them from Intune, you’ll likely encounter this issue when the default limit of 15 registered devices associated with your primary UPN is exceeded. To resolve this, follow these steps:
- Check Logs for Details:
Run the following command to monitor logs:
journalctl --user -f -u microsoft-identity-broker.service
Look for errors such as:
Caused by: com.microsoft.identity.broker4j.workplacejoin.exception.DrsErrorResponseException: {"code":"invalid_request","subcode":"error_directory_quota_exceeded","message":"User 'xxxx' is not eligible to enroll a device of type 'Linux'. Reason 'DeviceCapReached'."}
- Resolve Device Cap Issue:
  - Go to the Intune portal.
  - Navigate to “Devices > All devices.”
  - Remove any stale or unnecessary devices associated with the user.
- Retry Enrollment:
After removing old devices, attempt the registration process again.
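The log check from the steps above, as an added shell example that is not part of the original article: it pulls the subcode and Reason out of DrsErrorResponseException lines and maps the DeviceCapReached case to the fix described here. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are made up.

# Constructed sample journal output: one unrelated line, then the article's
# DeviceCapReached error logged for two enrollment attempts.
sample_log() {
cat <<'EOF'
Jan 10 09:00:01 host broker[1]: constructed unrelated line
Jan 10 09:00:02 host broker[1]: Caused by: com.microsoft.identity.broker4j.workplacejoin.exception.DrsErrorResponseException: {"code":"invalid_request","subcode":"error_directory_quota_exceeded","message":"User 'xxxx' is not eligible to enroll a device of type 'Linux'. Reason 'DeviceCapReached'."}
Jan 10 09:05:12 host broker[1]: Caused by: com.microsoft.identity.broker4j.workplacejoin.exception.DrsErrorResponseException: {"code":"invalid_request","subcode":"error_directory_quota_exceeded","message":"User 'xxxx' is not eligible to enroll a device of type 'Linux'. Reason 'DeviceCapReached'."}
EOF
}

# Read journal lines on stdin and print "subcode reason" for every
# DrsErrorResponseException line. The user name in the message is dropped,
# so the output can be pasted into a ticket without exposing the UPN.
drs_errors() {
    sed -n "/DrsErrorResponseException/s/.*\"subcode\":\"\([^\"]*\)\".*Reason '\([^']*\)'.*/\1 \2/p"
}

# Map a subcode/reason pair to the remediation the article describes.
enrollment_hint() {
    case "$1/$2" in
        error_directory_quota_exceeded/DeviceCapReached)
            echo "device cap reached; remove stale devices for this user, then retry enrollment" ;;
        *)
            echo "unrecognized registration error; read the full log line" ;;
    esac
}

# Summarize: one line per distinct error with how often it occurred.
triage() {
    drs_errors | sort | uniq -c | while read -r count subcode reason; do
        printf '%sx %s (%s): %s\n' "$count" "$subcode" "$reason" \
            "$(enrollment_hint "$subcode" "$reason")"
    done
}

# On an enrolled-or-failing device, feed it the broker's user journal:
#   journalctl --user -u microsoft-identity-broker.service --no-pager | triage
# To try it on the constructed sample instead:
#   sample_log | triage
```

Empty output from triage means no device-registration error was logged, so the cause of the failure lies elsewhere in the journal.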
Final Thoughts
By following these steps, you can effectively enroll and manage Ubuntu 24.04 devices in Microsoft Intune. Addressing common issues such as the device cap error ensures a smoother enrollment process. For more details, refer to the official documentation or explore additional resources on Linux device management: https://learn.microsoft.com/en-us/mem/intune/user-help/microsoft-intune-app-linux