Using Ubuntu Desktop with Microsoft Intune – Part 1

Can you use Ubuntu Desktop in combination with Microsoft Intune in the real world? Linux has been around for ages, and over the years, I hopped on the Linux train several times. But after a while, I find myself returning to Windows because it is so familiar to me. Now, I have once again switched to Ubuntu Desktop 23.10. This time, I am conducting a two-month trial to determine whether a Cloud Consultant can effectively work on Ubuntu 23.10. And besides that, we also discover if organizations can leverage Microsoft Intune and Defender for Endpoint to manage these devices. Follow me at the beginning of a series of posts where I write about my experiences and learnings!

Introduction

A few weeks ago, I asked my employer if I could conduct a trial to explore if Linux is a viable option for my work as Cloud Consultant. The response from the IT Manager was positive and immediately learned that my fellow collegae Jaap asked the same question just a few days before. Such a coincidence, because we work on the same project for over a year now!

This will be a series of posts, mixed with information about what Jaap & I come across during our journey. Also, along the way, there will be guidance for you to start with Ubuntu Desktop using Microsoft Intune, Defender for Endpoint, and other products.

Use cases & requirements

Immediately we gathered together and without too much hassle we formed a few use cases and requirements:

  • Explore the benefits and downsides using Linux in our daily jobs.
    • Jaap works as Cloud Architect and often writes documents, creates designs and communicates with stakeholders.
    • I work as Cloud Engineer and generally write code, interact with Microsoft Azure and create some designs from time-to-time.
  • Get a better understanding of the management capabilities in Microsoft Intune.
    • Onboarding experience on the device.
    • Explore management capabilities using shell scripts.
  • Secure the operating system and protect resources.
    • Installation, configuration and capabilities of Defender for Endpoint for Linux.
    • Explore Conditional Access features in relation to device compliance in Microsoft Intune.

At the end of the trial, we evaluate the success of it and consider whether we are convinced if Ubuntu Desktop with Microsoft Intune can be a serious alternative for Windows.

Hardware and software

Both Jaap and I received a test laptop so we can freely experiment with Ubuntu without the need to dual boot and prevent us from not being able to work during the day when something gets wrong.

HardwareProcessorRAMGPUSSD
Dell XPS 15 9560Intel Core
i7-7700HQ
2x 8GB SODIMM
DDR4 2667 MHz
Nvidia GeForce
GTX 1050 (4GB)
512GB NVMe
Hardware used by Jaap.
HardwareProcessorRAMGPUSSD
Dell XPS 15 7590Intel Core
i7-9750H
2x 8GB SODIMM
DDR4 2667 MHz
Nvidia GeForce
GTX 1650 (4GB)
512GB NVMe
Hardware used by Bjorn.

Ubuntu Desktop 23.10 & 24.04 LTS

Ubuntu might be the most well-known Linux operating system in the world and is developed by Canonical. It is popular because it provides a friendly user experience for everyone, even for inexperienced users. Besides that, support from software vendors and the community is excellent, which helps adoption to Linux.

However, that’s not why we chose Ubuntu. We picked this flavour of Linux because it simply is the only supported operating system that works with Microsoft Intune at this time.

You might wonder why we still use a newer version of Ubuntu while it’s technically not supported. Well, Ubuntu Desktop 22.04 LTS recently turned two years old and there is no fun in not using the latest and greatest. I use version 23.10.1 while Jaap takes it all the way up to the new 24.04 LTS.

Microsoft Intune & Defender for Endpoint

Speaking of Microsoft Intune, managing Ubuntu Desktop in a professional setting involves ensuring both device management and security are properly addressed. It is a hard requirement nowadays to have at least a form of Modern Device Management (MDM) software to govern endpoints. Secondly, we need software to prevent, detect, investigate, and respond to advanced threats.

We enrolled our devices in Microsoft Intune and Defender for Endpoint for Linux. I am pleased to report that we succeeded but not without any hassle. It is a hefty manual process, involving the need to add additional software repositories, installing dependencies and so forth.

I really see it as requirement for organizations to automate the deployment, speeding up the onboarding and decrease the fault tolerance. I will be providing an in-depth tutorial soon where we look into the possibilities.

Overview of the Intune Portal on Ubuntu Desktop.
Intune Portal on Ubuntu 23.10.1
Overview of the status of Defender for Endpoint for Linux in the terminal.
Defender for Endpoint on Ubuntu 23.10

Advantages of using Ubuntu Desktop

  • Ubuntu Desktop is renowned for its resource efficiency. Despite its modern interface and extensive feature set, the minimum requirements for running Ubuntu are quite modest. Even computers that are several years old can easily meet these requirements, allowing them to run Ubuntu Desktop without significant strain on their components, as reflected in the operating system’s swift and simple performance.
  • Customize your environment with GNOME extensions, install your favorite window manager, and/or install various versions of software alongside each other. While it might be viewed as a downside that the Linux community is scattered across various distributions, in terms of flexibility, it isn’t. For each problem, there are many solutions and offerings, giving you the flexibility to use Linux as you see fit.
Example of a GNOME extension which you can find on the GNOME extensions website.
Example of a GNOME extension
  • Working in the cloud, most of the infrastructure is accessible through APIs and web browsers, providing a uniform method of deploying and managing infrastructure. This eliminates the need to run specific operating systems due to proprietary software constraints. For instance, developing code with Visual Studio Code works seamlessly. Furthermore, in recent years, PowerShell, .NET Core, and Azure CLI have received substantial support on Linux.

Downsides of Ubuntu Desktop in a Windows ecosystem

  • Compatibility is the biggest Achilles’ heel we have encountered so far. Simple things like the native Microsoft Office suite or the Remote Desktop application aren’t available. You’re mostly stuck with the browser if you do want to use these types of Microsoft products.
  • No real integration between Defender for Endpoint and the operating system (yet). It’s all run from the command line, and there is a lack of visibility for the user. What is the status of Defender, and are there any active threats?
  • The lack of experience from IT personnel, which makes total sense. Have you ever seen an organization where Linux desktops were deployed and managed just like Windows and/or macOS?
Microsoft Word in the Firefox browser on Ubuntu Desktop.
Microsoft Word from the browser

Learning curve

  • Both Jaap and I are familiar with the Linux operating system. But, since there are many flavors of Linux, where each has its own interface, package manager and software, there is always a learning curve. Getting to know your environment and setting it up to support your daily workflow takes time.
  • Things just break too. I had several moments last week where I just didn’t understand what happened. For example, I tried to install a previous version of Mutter because my current version has a bug where the terminal would start lagging. I successfully installed the older version, but with the next run of software updates, it apparently removed dependencies that were no longer required.

As a result, my system crashed, and I never got it working again. The ZFS pool was gone, and I simply had to reinstall. In hindsight, I should have been more careful and verified what was actually about to happen.

Error message displayed when booting to Ubuntu Desktop when a the rpool for ZFS cannot be found.

Interoperability challenges

It’s the first week, and I’m not really sure how this will pan out, but I foresee potential challenges in collaborating with colleagues and clients. As we exchange a lot of information and need to collaborate effectively all the time, there may be compatibility issues with software or documents. For example, if we work on the same Word document, could it disrupt the document’s structure? Regardless, we’ll find out soon enough!

Limited enterprise support

Once again, enterprise support for Linux is still minimal. Compared to Windows and macOS, which have built-in support for Modern Device Management, there isn´t much for Linux to offer. Like I mentioned before, Microsoft now provides basic support for Ubuntu Desktop in Intune only.

Conclusion

Our journey with Ubuntu Desktop has just begun, and already we’re diving headfirst into an ocean of discovery. Leveraging Ubuntu 23.10 and the forward-looking 24.04 LTS, we’re not only testing the waters of Canonical’s famous distro but also challenging the norms of a Windows-centric workspace.

It is a bumpy ride

Despite minor setbacks, like the manual process of enrolling in Microsoft Intune and the current limitations of Defender for Endpoint on Linux, our experience has shown that with enough determination, a Linux environment can be tailored to fit professional needs. The resourcefulness of Ubuntu, combined with the versatility of available tools and the expanding cloud infrastructure, makes us feel that Windows is not the sole contender for the cloud consultant’s toolkit.

However, the switch does not come without its downsides. We’ve grappled with compatibility issues, lack of integration, and the occasional system crash due to the unfamiliar terrain. These speed bumps underscore the importance of a tempered approach — being keenly aware of the adjustments and repairs that come with adopting a new system.

Stay tuned!

In the upcoming weeks, as we continue to navigate through these initial interoperability challenges and the learning curve of a different OS environment, we anticipate encountering both inventive workarounds and unforeseen issues. Our objective remains steadfast: to provide comprehensive insights into the viability of a Linux-based setup in a predominantly Windows ecosystem.

As my colleague Jaap and I push forward, we do so with an open mind and a shared enthusiasm. We are eager to uncover the full potential of Ubuntu Desktop and Microsoft Intune, to document the trials and triumphs along the way. Stay tuned for our upcoming posts, where we’ll explore more possibilities, celebrate the small victories, and candidly address the stumbling blocks of Linux as a legitimate alternative for enterprise use.

We look forward to sharing more with you in the following weeks. Join us as we embrace the learning process and advance towards a conclusive verdict on Ubuntu’s place in the corporate IT landscape.

3 thoughts on “Using Ubuntu Desktop with Microsoft Intune – Part 1

  1. Hello
    Thanks for the blogpost 👍
    Would you care to provide some guidance on how did you use newer, not officially supported versions of Ubuntu, with Intune installation.
    As far as i can tell, Microsoft only provides packages for 20.04 and 22.04 ?

    1. Hi Jonatan, you just follow the steps on the Microsoft Docs for Ubuntu 22.04. When the Intune Portal is installed, open up a terminal and purge the microsoft-identity-broker v2.0.0 package using apt. Then, install v1.7.0 of this package and hold it back for upgrades:

        sudo apt purge microsoft-identity-broker
        sudo apt install microsoft-identity-broker=1.7.0
        sudo apt-mark hold microsoft-identity-broker

      Also purge and install again the intune-portal package to make sure it will use v1.7.0. If you need more details, please also visit Jaap’s website, where he explains it in more detail.

Comments are closed.