linux
6 Topics

Microsoft Intune Company Portal for Linux and Conditional Access Issue
Greetings everyone,

I have the following scenario implemented regarding conditional access:

Rule#1: For pilotuser1, for all cloud apps, for all platforms --> require MFA
Rule#2: For pilotuser1, for all cloud apps except Microsoft Intune Enrollment and Microsoft Intune, for all platforms --> Require Device marked as compliant

This should allow me to enroll to Intune successfully a non-enrolled device and require the device compliance for the other workloads. For Windows it works just fine. The problem lies with Linux.

Following the instructions on Enroll a Linux device in Intune | Microsoft Learn & Get the Microsoft Intune app for Linux | Microsoft Learn I installed Intune App and Edge (Version 109.0.1518.52 (Official build) (64-bit)) on a VM with Ubuntu 22.04.

I open the Intune App and try to sign in: First step is to Register the Device on Azure AD, it goes without a problem --> On the next stage I get the following and press continue: At this stage Microsoft Edge opens and I sign in successfully but the Intune App throws an error:

The sign in logs on Azure AD show that even though I excluded Intune Enrollment from the CA policy, it is not enough.

Sign-in error code: 530003
Failure reason: Your device is required to be managed to access this resource.
Additional Details: The requested resource can only be accessed using a compliant device. The user is either using a device not managed by a Mobile-Device-Management (MDM) agent like Intune, or it's using an application that doesn't support device authentication. The user could enroll their devices with an approved MDM provider, or use a different app to sign in, or find the app vendor and ask them to update their app.
More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remediation
Application: Microsoft Intune Company Portal for Linux
Application ID: b743a22d-6705-4147-8670-d92fa515ee2b
Resource: Microsoft Graph
Resource ID: 00000003-0000-0000-c000-000000000000
Client app: Mobile Apps and Desktop clients
Client credential type: None
Resource service principal ID: 01989347-a263-48ef-a8d7-583ee83db9a2
Token issuer type: Azure AD

Apparently something is different in the enrollment process of Linux because I had no issues with Windows 10 enrollment. Any thoughts on the subject would be appreciated.

Kind Regards,
Panos

14K Views, 1 like, 16 Comments

Linux Enrollment
I'm looking to start enrolling some Linux machines into our tenant and after going through the documentation about this, it specifies Ubuntu, would it be possible to use a downstream build like Pop? Additionally, the GNOME requirement seems a bit strange to me? Is there a specific function within GNOME that I could pull into another desktop environment like KDE so that the environment is very similar to what my users are used to, as most of them don't have much experience with Linux and DEs not like Windows.

473 Views, 0 likes, 0 Comments

Intune for Linux Compliance Issue loop
Hello,

We've encountered an issue with Intune for Linux. Our compliance policies are targeted at Linux machines, but when a machine becomes non-compliant and the grace period expires, it seems that the machine is unable to sync. It's almost like a catch-22 situation where the device is asked to become compliant, but to do so, it needs to undergo a compliance check, and for the check to succeed, the device must already be compliant! Anyone having the same issue?

Many thanks!

Solved, 1.7K Views, 0 likes, 3 Comments

Linux device is not able to pass compliant status.
We have a CA policy applied to allow only compliant devices applied on Linux devices. Linux device is showing as compliant on Intune and Azure portal. But users are not able to log in via Edge. On checking sign-in logs, device is not showing as compliant.

317 Views, 1 like, 0 Comments

Linux - Devices not syncing unless Microsoft Intune app is open and user signs in
We have noticed that devices joined to Intune do not sync unless users open and sign in to the Microsoft Intune app manually. The last check-in time on all of our Linux devices showed that the device had not synced ever since we deployed the app on the workstations pretty much (weeks).

All the devices are running Ubuntu 22.04 and we used the following procedure to install the Intune app: https://learn.microsoft.com/en-us/mem/intune/user-help/microsoft-intune-app-linux

Is this a known issue, or is there something that we've missed in the installation process that would keep the app running in the background with the user signed in?

Solved, 3.4K Views, 1 like, 3 Comments

Intune for Linux - SSO authentication does not work (loops forever)
Hello everyone,

I'm trying to enroll a Linux device (Ubuntu 22.04) with Intune. I've installed Edge and Intune, following the instructions at Enroll Linux device in Intune.

I open Intune, enter my email address: I am then redirected to the SSO login page of my organization (Atos): I can choose a login option and enter my login information, the company's SSO page briefly indicates "Login successful", but then I'm back to the same page (SSO login).

This is unusual: in other apps, after the "login successful" message, the page closes, the application gets all the required credentials and proceeds. It seems that the Intune client didn't pick up the successful auth. Therefore, I'm not able to go past this stage. Launching Intune from the Terminal doesn't give any helpful information.

Is that a known bug? Are you aware of a way to get more logs from Microsoft Intune for Linux?

Thank you for your help.

Kind regards,
Guillaume

2.4K Views, 1 like, 2 Comments