Enrolling Linux Workstation in Intune

Workstations running the following Linux distributions can be enrolled in Intune to get secure access to University apps, data and systems protected by Conditional Access:

• Ubuntu Desktop 22.04 or 20.04 LTS (physical or Hyper-V machine with x86/64 CPUs)
• A GNOME graphical desktop environment (automatically included with Ubuntu Desktop 22.04 and 20.04 LTS)

NOTE: Ubuntu on WSL2 is not a supported scenario.

Ensure that you local account password is at least 10 characters long and contains at least one lower case, one upper case letter, one numeric character, and one special character.

First, you must install MS Edge Browser, click here. You will need to use it to access University websites and other online resources protected by authentication and Conditional Access.

Next, install Microsoft Intune app. You will use this app to register your device with Entra and enrol it in Intune. Follow these steps to install Intune app:

1. Install curl, if not installed yet using this command: sudo apt install curl
2. Install the Microsoft package signing key (replace 22.04 with 20.04 if needed):
   
   curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/ 

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list' 

sudo rm microsoft.gpg
    
3. Install the Microsoft Intune app:
   
   sudo apt update

sudo apt install intune-portal
    

Follow these steps to register your Linux workstation in Entra and enrol it in Intune:

1. Open the Microsoft Intune app.
2. Sign in with your UWin Account.
3. On Help us keep your device secure screen, click Register.
4. On Set up access screen, click on Begin.
5. Review information on What can my organization see or do... screen then click Begin again to begin enrollment.
6. Wait 5-10 minutes while the Intune app enrolls your device and assigns conditional access policy. Click Refresh every few minutes until status changes from Not compliant to Can access resources. If instructed to, update the settings on your device to meet your organization's security requirements.

An on-screen confirmation appears when your device is enrolled and ready-to-use for work. You can begin using your device for work right away. Launch and sign in to Microsoft Edge with your UWin Account to access University apps protected by authentication and Conditional Access.