- Compatibility focused on Ubuntu Desktop (22.04/24.04 LTS) and RHEL 8/9 with GNOME and x86/64 CPU.
- Installation from Microsoft repositories, with updates and removal controlled by apt/dnf.
- Guided enrollment in the Intune app, policy compliance, and conditional access in Edge.
- SSO with Microsoft: Login enabled by microsoft-identity-broker apps native and web.
If you work with Linux In corporate environments, installing and managing Microsoft Intune on Ubuntu and Red Hat allows you to unify administration, enforce security, and comply with access policies without unnecessary hassle. This practical guide explains how to install, update, and uninstall the Intune app on these distributions, how to enroll your device, and what you need to know about single sign-on with Microsoft Entra. The entire process is designed so that you can apply it without wasting time and with maximum compatibility..
In addition to the technical steps, we will review the requirements, administrator tasks, and recommendations to ensure a smooth deployment on both personal (BYOD) and organization-owned devices. You'll find commands Ready to copy, compatibility notes (Ubuntu Desktop and RHEL 8/9) and key tips for complying with conditional access in Microsoft Edge.
System requirements and compatibility
The Microsoft Intune app for Linux is available from the official Microsoft repository at packages.microsoft.com. Regarding supported systems, the focus is on desktop. Ubuntu Desktop 22.04 LTS and 24.04 LTS, plus Red Hat Enterprise Linux 8 and 9Some references also consider Ubuntu 20.04 LTS in enrollment/SSO scenarios, but the Intune application focuses on the most recent LTS versions.
For Ubuntu, the expected environment is a desktop environment with GNOME, as included in the Desktop editions of 22.04 and 24.04. Ubuntu Server is not supported for enrollment. As for the hardwareWe are talking about physical or virtualized equipment (for example Hyper-V or Azure) with x86/64 CPUs, which is the stated support target.
Regarding device ownership, BYOD and corporate devices are supported; however, Registered Linux devices are considered corporate for administrative purposesThere is no mass enrollment for Linux: each device enrolls manually through the Intune app. Userless scenarios (kiosk, full screen) are also not supported because enrollment requires... a user logs in with their organization account.
Other operational details to note: the Device Enrollment Administrator (DEM) account does not apply to Linux, and Microsoft has not tested coexistence with another MDM running in parallel. Your organization may require encryption; it's easiest to enable it when you first install Ubuntu.So bring it up in the initial deployment.
Prior preparations and necessary software
Before installing anything, make sure your tenant and user have valid Intune/Endpoint Manager licenses to enroll the device. The registering user must have the assigned license and the equipment for internet access to Microsoft services.
Install the Microsoft Edge browser (version 102.x or later), both to complete registration and to access internal resources (web applications of Microsoft 365, sites protected with conditional access, etc.). You can download Edge from the official Microsoft website and use the .deb package on Ubuntu or the repository on RHEL..
In the case of Ubuntu 24.04, it is also valid to install local packages with apt using the path to the .deb file: sudo apt install ./packagenameEdge is a practical requirement in day-to-day use because conditional access policies are often applied in the browser.
Installing Microsoft Intune on Ubuntu Desktop (22.04 LTS and 24.04 LTS)
The installation is done from terminalAdding the Microsoft key and repository, and then installing the intune-portal package. The following commands work on Ubuntu Desktop with x86/64 CPU.
1) Install Curl and GPG to manage the package signing key: They are essential for adding the Microsoft repository.
sudo apt update
sudo apt install -y curl gpg
2) Import the Microsoft signing key and place it in the system keychain. This step allows you to verify the packages..
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/microsoft.gpg
sudo rm microsoft.gpg
3) Add and update the Microsoft repository for your Ubuntu version using lsb_release. This method works on both 22.04 and 24.04.
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" > /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list'
sudo apt update
A specific alternative for Ubuntu 24.04 (noble), if you prefer to explicitly declare the version. Use this variant if you want to set the channel to 24.04:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/24.04/prod noble main" > /etc/apt/sources.list.d/microsoft-ubuntu-noble-prod.list'
sudo rm microsoft.gpg
sudo apt update
4) Install the Intune app. This package includes the portal and components needed to register your device. Installation may take a few minutes.
sudo apt install -y intune-portal
5) Restart the device to complete the setup and correctly detect the app's services. It is a recommended restart after the first installation.
sudo reboot
Update Microsoft Intune on Ubuntu
When new versions are available, they can be applied from the system software updater or manually via terminal. Manual updating is very straightforward.:
sudo apt update
sudo apt-get dist-upgrade -y
This process updates metadata and packages, including intune-portal, msft-broker, and Edge if you have them in the same repository. This ensures compatibility with security policies and improvements..
Uninstall Microsoft Intune on Ubuntu
If you need to remove the app from the system, you can do so with apt. First, remove the package and, if you wish, also delete the local data related to the configuration. Please check your organization's policies before removing the record..
sudo apt remove -y intune-portal
sudo apt purge -y intune-portal
Installing Microsoft Intune on Red Hat Enterprise Linux (RHEL 8/9)
In RHEL, the installation is done with dnf after importing the key and adding the Microsoft repository. The following steps show the flow in RHEL 9, valid for reference:
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo dnf config-manager --add-repo https://packages.microsoft.com/yumrepos/microsoft-rhel9.0-prod
sudo dnf install -y intune-portal
sudo systemctl reboot
For RHEL 8, use the Microsoft repository corresponding to your main edition (8.x). The app is compatible with RHEL 8 and 9, although the repo routes change depending on the version..
Update Microsoft Intune on Red Hat Enterprise Linux
The update can also be applied using dnf. You can update the entire system or just the Intune package. Both options are valid:
sudo dnf update -y
If you prefer to update only the portal app: limits the change to the intune-portal package.
sudo dnf update -y intune-portal
Uninstall Microsoft Intune on Red Hat Enterprise Linux
To remove the application from the portal and, if applicable, the trace of local registration data, run the following. First, validate internal data retention policies.:
sudo dnf remove -y intune-portal
sudo rm -rf /var/opt/microsoft/mdatp
sudo rm -rf /etc/opt/microsoft/mdatp
sudo rm -rf /opt/microsoft/mdatp
Registering and signing up your Linux device in Intune
With the app installed, sign-up is very straightforward. Open the Microsoft Intune app and tap Sign in with your work or school account. The app will register the device with Microsoft Enter and associate it with Intune..
During the wizard you will see preview screens and data that the organization can consult: equipment model and serial number, operating system, device name or list of installed apps. If there are compliance policies, you may be required to adjust your configuration to comply. (for example, encryption or password policy).
Once completed, the app will display a confirmation that the device is ready to use. At that point, open Microsoft Edge and sign in with your organization's account to access protected internal apps and sites. Edge is key to applying conditional access to Microsoft 365 services.
If you are an administrator and want to verify the registration, log in to the Intune Admin Center and go to Devices > Linux > Linux devices: You should see the newly registered team with its compliance status.
Quick matrix of compatibility and limitations
| Scenario | Support |
|---|---|
| Ubuntu Desktop 24.04 LTS / 22.04 LTS (x86/64) | Yes |
| Ubuntu Server | No |
| RHEL 8 / 9 | Yes |
| Userless device (kiosk, full screen) | No |
| Mass registration | No |
| BYOD | Yes (it is considered a corporate entity after registration) |
If you're considering other distributions, such as Arch Linux, keep in mind that they are not currently officially supported; the experience may be limited and they are not tested by Microsoft. For production, stick with Ubuntu Desktop LTS and RHEL 8/9.
Administrator's tasks and preparation
Enrolling Linux requires minimal explicit configuration in Intune; it's enabled automatically per platform. Even so, there are recommended steps for a successful deployment. Start by ensuring device compatibility and assigned licenses.
Plan your implementation using the Intune planning guide: define management goals, use cases, user communication, support, testing, and validation. Since users register their own equipment, a clear communication plan is advisable. about how to install the Intune app and use Edge.
Regarding permissions, the principle of least privilege applies. The built-in role with the fewest privileges for enrollment tasks is "Intune Policy and Profile Manager". Review RBAC in Intune and assign appropriate roles to each work team.
Create a Linux-specific compliance policy in the Configuration Catalog: you can base it on distribution/version, device encryption, or password complexity, among other things. Non-compliant devices may have their access blocked or receive actions such as warnings or removal..
If you need to cover cases not covered by the built-in options, add custom compliance configuration using Bash scripts. These custom directives are created, monitored, and debugged from within Intune, and allow for the validation of custom configuration-value pairs..
To protect access, it combines compliance policies with Conditional Sign-In in Microsoft Sign-In, applied in Edge. A device that does not comply will not be able to sign in to Microsoft 365 web apps until it resolves its status.
End user tasks
The user flow is simple: download and install Edge (102.xo and later), install the Intune app, and complete the enrollment wizard with your corporate account. Depending on the policies, configuration changes may be required. before granting access to resources.
After registration, the user must sign in to Edge with their organization account to access internal sites and Microsoft 365 services. The Intune app will periodically verify compliance. and will warn of any deviation.
SSO for Linux with Microsoft Entra (microsoft-identity-broker)
Single sign-on in Linux relies on a component that integrates the system with Microsoft Entra ID. With this broker, the user uses their credentials once, and all other compatible applications inherit the session without requiring a password again. The SSO experience encompasses native and web apps that use MSAL.NET or MSAL.python (for example, Azure CLI, Microsoft Edge, Teams PWA).
Among its advantages for IT are simplifying access, reducing passwords, and allowing conditional access based on device when browsing with Edge. This component enables device registration, Intune enrollment, and standards compliance., in addition to supporting Bash scripts for custom compliance.
SSO/identity requirements in Linux: Ubuntu Desktop 24.04, 22.04 or 20.04 LTS, RHEL 8 or RHEL 9, on physical machines or Hyper-V on x86/64. Installation and updates are managed from Microsoft repositories., similar to the Intune app.
Next steps, checks and troubleshooting
After enrolling the device, you'll see its status in the Intune admin center under Devices > Linux. Keep the Intune and Edge apps up to date from the configured repositories. If there are errors, check the internet connectivity, the logs on the computer, and that the license is assigned to the user..
If the compliance status appears as non-compliant, open the Intune app on your computer: you will see the items to correct (encryption, password, version, etc.). By resolving the list items, conditional access in Edge will grant access again.Administrators can adjust actions for non-compliance (alerts, remote blocking, or withdrawal) in the policies.
For an orderly adoption in the organization, relying on the Microsoft Tech Community and the Intune Admin Center navigation tutorials is always helpful. In long-term project scenarios, use the implementation guide to prepare tenant, policies, and support.and avoids improvisations in production.
Having Intune on Ubuntu Desktop and RHEL allows you to unify policies, conditional access, and compliance in a clear way, supported by Edge and the identity broker for SSO. Sticking to supported versions (Ubuntu 22.04/24.04 and RHEL 8/9), following the indicated commands, and applying compliance guidelines is the safe way to operate Linux under your organization's rules..
Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.