Forum Discussion

Magic27510's avatar
Magic27510
Copper Contributor
Jan 19, 2024

How to foce intune client in Ubuntu to synch automatically

Hello, in my company we have enrolled Devs Ubuntu devices to control some security setting and allow or not the access to our company apps and content. We have set compliance policies and enabled c...
Conditional Access
Intune
Simone_Termine's avatar
Simone_Termine
Brass Contributor
Dec 18, 2025

Hi Magic27510​ 
what you’re seeing is (unfortunately) pretty consistent with how Intune on Linux works today.

The Intune app for Linux checks in at enrollment and then “whenever you’re using your device for work”, so if users don’t open/sign in (or don’t trigger the work flow), the last check-in can sit there for days.

Two practical angles:
1) Make compliance reporting “ISO-friendly” without chasing a daily sync button
If your goal is “we must be sure devices report regularly”, Intune already has a tenant control for that: Compliance status validity period (days). Default is 30 days, but you can set it lower (e.g., 7 or 1). If a device doesn’t report back within that window, it becomes noncompliant, which you can then report on (and Conditional Access can block).
This doesn’t force a sync, but it gives you a clean audit story: “devices must check in every X days or they are noncompliant”.

2) “Best-effort” client-side nudge (not always a true substitute for user sign-in)
There isn’t an officially documented “force sync” CLI like on Windows, but community reports suggest you can trigger the Linux agent manually via:

/opt/microsoft/intune/bin/intune-agent

Also, on some setups the agent is driven by a systemd user timer (so it only runs when the user session exists). You can check/enable it like:

systemctl --user status intune-agent.timer
systemctl --user enable --now intune-agent.timer

Big caveat: if the device needs an interactive user token refresh, the agent run may still not fully update compliance until the user signs into the Intune app again (which matches what you observed).

Last option (admin-side): you can trigger a remote “Sync” action from the Intune admin center for a device, but that’s manual, not something you’d schedule daily at scale.

If you tell me whether your Linux enrollment is the “Intune app + Edge for work access” model, and roughly what check-in frequency you need for ISO evidence (daily vs weekly), I can suggest a sensible validity period + CA/reporting setup that won’t lock your devs out every morning.

Resources