Forum Discussion
How to force Intune client in Ubuntu to sync automatically
Hello,
In my company we have enrolled our devs' Ubuntu devices to control some security settings and to allow or deny access to our company apps and content.
We have set compliance policies and enabled Conditional Access to check it.
I was surprised this morning by the last check-in date of my Ubuntu laptops, so I asked my devs for their last sign-in to the Company Portal client, and the dates match the last check-in date.
I concluded that the Company Portal syncs only when the user opens it and signs in.
This is a big problem for us because we are ISO 27001 certified and we must check all devices' compliance.
Does somebody have a script to deploy on those Ubuntu devices to force a sync every day, while waiting for Microsoft to evolve this process?
Thanks a lot and regards
Majid
6 Replies
- Simone_Termine Brass Contributor
Hi Magic27510
what you’re seeing is (unfortunately) pretty consistent with how Intune on Linux works today. The Intune app for Linux checks in at enrollment and then “whenever you’re using your device for work”, so if users don’t open/sign in (or don’t trigger the work flow), the last check-in can sit there for days.
Two practical angles:
1) Make compliance reporting “ISO-friendly” without chasing a daily sync button
If your goal is “we must be sure devices report regularly”, Intune already has a tenant control for that: Compliance status validity period (days). Default is 30 days, but you can set it lower (e.g., 7 or 1). If a device doesn’t report back within that window, it becomes noncompliant, which you can then report on (and Conditional Access can block).
This doesn’t force a sync, but it gives you a clean audit story: “devices must check in every X days or they are noncompliant”.
2) “Best-effort” client-side nudge (not always a true substitute for user sign-in)
There isn’t an officially documented “force sync” CLI like on Windows, but community reports suggest you can trigger the Linux agent manually via:
/opt/microsoft/intune/bin/intune-agent
Also, on some setups the agent is driven by a systemd user timer (so it only runs when the user session exists). You can check/enable it like:
systemctl --user status intune-agent.timer
systemctl --user enable --now intune-agent.timer
Big caveat: if the device needs an interactive user token refresh, the agent run may still not fully update compliance until the user signs into the Intune app again (which matches what you observed).
Last option (admin-side): you can trigger a remote “Sync” action from the Intune admin center for a device, but that’s manual, not something you’d schedule daily at scale.
If you tell me whether your Linux enrollment is the “Intune app + Edge for work access” model, and roughly what check-in frequency you need for ISO evidence (daily vs weekly), I can suggest a sensible validity period + CA/reporting setup that won’t lock your devs out every morning.
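The audit side of option 1 above, as an added example that is not part of the original reply or of Microsoft's tooling: it reads a device list shaped like Microsoft Graph `managedDevice` objects and lists the Linux devices whose last check-in is older than the chosen validity period. The sample export, the device names and the treatment of a `0001-01-01` timestamp as "never checked in" are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph managedDevice objects
# (deviceName, operatingSystem, lastSyncDateTime, complianceState).
SAMPLE_EXPORT = json.dumps({"value": [
    {"deviceName": "dev-ubuntu-01", "operatingSystem": "Linux",
     "lastSyncDateTime": "2025-03-09T07:58:12Z", "complianceState": "compliant"},
    {"deviceName": "dev-ubuntu-02", "operatingSystem": "Linux",
     "lastSyncDateTime": "2025-02-27T16:40:03Z", "complianceState": "compliant"},
    {"deviceName": "dev-ubuntu-03", "operatingSystem": "Linux",
     "lastSyncDateTime": "0001-01-01T00:00:00Z", "complianceState": "unknown"},
    {"deviceName": "win-laptop-07", "operatingSystem": "Windows",
     "lastSyncDateTime": "2025-01-02T10:00:00Z", "complianceState": "compliant"},
]})


def parse_sync_time(value):
    """Parse an ISO 8601 UTC timestamp; None if missing or a placeholder."""
    if not value or value.startswith("0001-"):  # assumption: means "never synced"
        return None
    # Drop the trailing Z and any fractional seconds before parsing.
    ts = datetime.strptime(value.rstrip("Z").split(".")[0], "%Y-%m-%dT%H:%M:%S")
    return ts.replace(tzinfo=timezone.utc)


def stale_linux_devices(export_json, validity_days, now):
    """Return (deviceName, age in days or None) for Linux devices outside the window."""
    cutoff = now - timedelta(days=validity_days)
    stale = []
    for dev in json.loads(export_json).get("value", []):
        if dev.get("operatingSystem", "").lower() != "linux":
            continue
        last = parse_sync_time(dev.get("lastSyncDateTime"))
        if last is None:
            stale.append((dev["deviceName"], None))
        elif last < cutoff:
            stale.append((dev["deviceName"], (now - last).days))
    # Never-synced devices first, then the oldest check-ins.
    return sorted(stale, key=lambda r: (r[1] is not None, -(r[1] or 0)))


if __name__ == "__main__":
    now = datetime(2025, 3, 10, 9, 0, tzinfo=timezone.utc)  # fixed for repeatability
    for name, age in stale_linux_devices(SAMPLE_EXPORT, 7, now):
        status = "never checked in" if age is None else f"{age} days since check-in"
        print(f"{name}: {status}")
```

Run against a real export on a schedule, the output doubles as dated evidence of which devices fell outside the window.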
- Zeee Copper Contributor
The intune-portal service is extremely limited in the options department for Linux. Not sure why an app with only two graphical options (Login or Refresh) does not allow either from the command line.
$ intune-portal --help
Options:
-i, --interactive
-s, --socket-path
-h, --help
-V, --version
It looks like companies are expected to tell their Linux clients to Click intune-portal and Refresh every session.
- Bogdan_Guinea Iron Contributor
- chrisslroth Brass Contributor
Hi Magic27510, did you resolve this issue? We have the same requirements.
UgurKoc maybe you have a solution for this?
- Magic27510 Copper Contributor
Hi Chriss,
we have given up on integrating our devs' Ubuntu devices in Intune; it was not mature and not yet ready for professional use (security compliance monitoring, etc.). We have chosen another way to monitor those devices (Netskope client and device classification, for example).
- ApplauseAPDCS Copper Contributor
Hi Majid, did you resolve this issue?