Forum Discussion

Aguinaco's avatar
Aguinaco
Copper Contributor
Dec 23, 2024

Ubuntu 24.04 LTS + Entra ID Authentication + Intune Enrollment

Hi Community

I want to combine in Ubuntu 24.04 LTS the new user authentication with Entra ID along with enrollment in Intune using the new version of the intune portal. The goal is that the user can log in Ubuntu with the local user created during the Device Authentication process and then be able to enroll in Intune and sign in to the portal whenever he wish.

During my tests, I have seen that if you install the necessary components for authentication with Entra ID, along with Microsoft Edge and the Intune company portal using the Ubuntu installation user, and then authenticate with the Entra ID user after the device authentication process, you get this error when you try to enroll using the company portal:

 

Continuing with my tests, I have seen that if you start Microsoft Edge you can save a default keyring with a password. This security feature is specific to GNOME as far as I have read.

With this keyring, it will be possible to enroll the device in Intune later. When starting the company portal, the default keyring password is requested, and after entering it,  enrollment can be completed. From then on, the user can sign in to the portal as long as they enter that password

However, the generation of this default keyring is a process that we do not want to leave in the hands of the user. The goal is to deliver the device to the user with all the necessary software, so that once they have authenticated the device with Entra ID, they can open the company portal and enroll in Intune.

Does anyone know if there is a way to avoid using such keyrings in a scenario like this? On a machine with only Ubuntu and Edge, it is possible to make this process transparent, by disabling user autologin or setting an empty password for this keyring, but in the scenario of Ubuntu + Entra ID + Intune, I can't manage it.

Thanks for your help and I wish you a great 2025

Intune
mobile device management (mdm)

3 Replies

  • davidce3199's avatar
    davidce3199
    Copper Contributor
    Nov 01, 2025

    Hi everyone,

    have you managed to make any progress with this setup?
    I’m facing exactly the same issue — my goal is to create a preconfigured Ubuntu 24.04 LTS ISO image that, once installed, allows the user to sign in directly with Entra ID and automatically enrolls the device in Intune (without any manual steps like creating a local user or unlocking keyrings).

    So far, I haven’t found a reliable way to automate the Intune enrollment work smoothly after Entra ID authentication.

    Did you manage to solve or automate this part in any way?
    Any hint or updated step-by-step guide would be greatly appreciated.

    Thanks!
    David

  • danielnunescvt's avatar
    danielnunescvt
    Copper Contributor
    Jan 15, 2025

    Brother, I have exactly the same problem as you. However, I couldn't get past the first step, which is when I receive the code [4u3gb] after authenticating with the Entra-ID user and opening the Intune Portal.

    Even though it's a manual process, could you show me how you managed to complete the registration? Would it be possible to share a step-by-step guide? I haven’t been able to register the application despite multiple attempts. I noticed the issue only occurs when using Entra-ID, resulting in the code [4u3gb] in the Intune Portal. At the company, I want to use Linux, so solving this step would be a significant breakthrough.

    If I test with a local machine user, without using authd (Entra-ID), and use the local user with the Intune Portal, it allows me to register the application. So, I’d like to know how you managed to do it.

    The image below shows the code I receive after logging in with my Entra-ID (authd) user and opening the Intune Portal to try to register the device.

    Here is the installation script (https://justpaste.it/authd-intune-portal-ubuntu24)  I used to complete the process, starting with a clean installation of Ubuntu 24.04, followed by the procedure to install authd, as described in the link: https://canonical-authd.readthedocs-hosted.com/en/latest/howto/.

    I also followed Microsoft's instructions to install the Intune Portal, available at the link: https://learn.microsoft.com/en-us/mem/intune/user-help/microsoft-intune-app-linux.

    It’s important to note that when logging in with a local user and opening Intune, I can authenticate and register the device without any issues. However, when using the Entra-ID user, the error I am reporting occurs. I have already verified that my application has all the required permissions as outlined in the documentation.



    Please, I need help, because I want to continue using Linux in the company where I work, but we can only do so if I can solve the problem...

    • Aguinaco's avatar
      Aguinaco
      Copper Contributor
      Jan 16, 2025

      Hi Daniel,

      I don´t have a documented step by step guide of the process right now, just a few notes. What I did was:

      Login as local User:

      • install all the Enta ID stuff
      • log in with Entra ID user
      • log in again as local user and give admins rights to the Entra ID user (I don´t even know if this step is necessary as I can install later the company portal with the local users password)

      After that logged as Entra ID user:

      • company portal installation (user is admin)
      • lauch Company Portal. It doesn´t work and I receive the same error code
      • Launch Edge. I´m asked to save a keyring and provide a password for it.
      • Launch again the company portal (Edge is still open,but I think this is irrelevant now), I'm asked for that keyring password and after entering it the enrollment process is successful.

      This is where I'm staying now, and honestly, I haven't been able to dedicate more time to test with it. I've done it with VMware virtual machines. If you discover any other clues, please share them with me so we can solve this together.

      Best regards

Resources