Introduction

In this guide, I’ll walk you through setting up Ubuntu 24.04 LTS with Intune. As a Cloud Architect at Rubicon B.V., I’ve been testing whether Ubuntu provides the Edge (pun intended) I need to fulfill my work activities. Specifically, I’ll cover how to install the Intune Portal as well as the software I used for my Ubuntu 24.04 installation. You will find instructions for every installation below. I hope this helps you if you have any issues enrolling Ubuntu 24.04 with Intune.

Steps

Here’s a list of things that we’re going through in this post:

no. Software Purpose Method
1. Microsoft Edge Company device management apt
2. Intune Portal Company device management apt
3. Microsoft 365, including Teams and Outlook Office activities PWA
4. Draw.io Creating designs Snap
5. VS Code Development Snap
6. PowerShell Development Snap
7. KeepassXC Password management Snap
8. Azure CLI Development apt
9. Bicep Development binary
10. DisplayLink Multi-monitor support apt

Software on Beta branch of Ubuntu 24.04 LTS

When I started going down this road, Ubuntu 24.04 was still in beta. Installing software on a pre-release version of Ubuntu can be challenging. Typically, I prefer to keep packages as close to the source as possible. This means either installing from the official repository using apt, or adding the developer’s repository and then installing with apt.

Initially, I hesitated about using Snap packages due to concerns about their larger size and potential performance impact compared to APT packages. However, when dealing with a beta version of Ubuntu 24.04 LTS, options become limited. Lack of up-to-date documentation and repositories often leads to tinkering with apt sources and keyrings. This process involves navigating dependencies and version pinning, which can be error-prone. By opting for Snap, I streamlined the installation process, making it more straightforward and reliable.

Update 25-05-2024: Ubuntu 24.04 LTS was officially released. Still, taking into account software release cycles it is expected many applications have not yet found their way into the 24.04 repositories.

Manual installation of the Intune Portal

The Intune portal is provided (and officially supported) for Ubuntu 22.04. By adding backport repositories it is possible to install it on 24.04 without conpatibility issues. Follow the steps below to install the Intune Portal application.

  1. Edit /etc/apt/sources.list.d/ubuntu.sources and:
  • Make sure you have both noble sources and mantic sources,
  • Add an entry for mantic-security as well
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

Types: deb
URIs: http://nl.archive.ubuntu.com/ubuntu/
Suites: mantic
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: mantic-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
  • The file /etc/apt/sources.list.d/ubuntu.sources should look like the code block below:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://nl.archive.ubuntu.com/ubuntu/
Suites: mantic
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: mantic-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

This will ensure you have access to 22.04 (mantic) packages which we need during the next phase.

  1. Install Microsoft Edge for Business. Edge is needed for the Intune Portal as it leverages the built-in authentication mechanisms.
1
2
3
4
5

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main" > /etc/apt/sources.list.d/microsoft-edge-dev.list'
sudo rm microsoft.gpg
sudo apt update && sudo apt install microsoft-edge-stable
  1. Install the prerequisites for the Intune Portal:
1

sudo apt install openjdk-11-jre libicu72 libjavascriptcoregtk-4.0-18 libwebkit2gtk-4.0-37
  1. Install intune-portal
1
2
3
4
5
6

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" > /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list'
sudo rm microsoft.gpg
sudo apt update
sudo apt install intune-portal
  1. Sign in and smile! (note: It can take up to 1 hour for it to sync, please be patient)

Using an older version over the Microsoft Identity Broker package

Info

I tested the latest microsoft-identity-broker package, and it now works with the Intune Portal. Please use the latest version where possible!

  1. If you need microsoft-identity-broker v.1.7.0 follow these steps
1
2
3

sudo apt purge microsoft-identity-broker
sudo apt install microsoft-identity-broker=1.7.0
sudo apt-mark hold microsoft-identity-broker
  1. If you use microsoft-identity-broker v.1.7.0 and want to go to the latest version, follow these steps
1
2
3

sudo apt-mark unhold microsoft-identity-broker
sudo apt purge microsoft-identity-broker
sudo apt install microsoft-identity-broker
  1. Purge “intune-portal” from apt and install it once again so it uses the latest Microsoft Identity Broker
1
2

sudo apt purge intune-portal
sudo apt install intune-portal
  1. Sign in and smile! (note: It can take up to 1 hour for it to sync, please be patient)

Other software

The other software I installed are mostly for me to be able to do my daily work activities. Your software suite may vary. To give you a complete picture I outlined the software in the next chapters.

Snap packages

These snaps work like a charm:

  • PowerShell
  • VS Code
  • KeepassXC
  • Draw.io
1

sudo snap install powershell vscode keepassxc drawio

apt packages

Apt packages wthat work without issues on Ubuntu 24.04 LTS:

  • git
  • curl
  • gnome-tweaks
1

sudo apt install git curl gnome-tweaks

Progressive Web App (PWA)

To be able to leverage Microsoft’s Office suite and Teams client you can install them as PWA on the system. I’ve installed:

  • Outlook
  • Microsoft 365
  • Teams (v2)
  • OneNote

Installation can be done via your specific browser. I used Edge and pinned the PWA’s to my dock.

Azure CLI & Bicep

  1. Azure CLI has no official candidate for 24.04, but you can use 22.04 just fine(link):
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
  sudo gpg --dearmor -o /etc/apt/keyrings/microsoft.gpg
sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
AZ_DIST='jammy'
echo "Types: deb
URIs: https://packages.microsoft.com/repos/azure-cli/
Suites: ${AZ_DIST}
Components: main
Architectures: $(dpkg --print-architecture)
Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources
sudo apt-get update
sudo apt-get install azure-cli
  • For Bicep get the latest binary (link):
1
2
3
4

curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
chmod +x ./bicep
sudo mv ./bicep /usr/local/bin/bicep
bicep --help

To support multi-monitor setups you need DisplayLink software fron Synapse. You can install DisplayLink with these commands:

  • If you are using secure boot: Follow the steps on this page or see the GIF below.

secureboot

1
2
3
4

wget -P ~/Downloads https://www.synaptics.com/sites/default/files/Ubuntu/pool/stable/main/all/synaptics-repository-keyring.deb | sudo apt install ~/Downloads/synaptics-repository-keyring.deb
sudo apt update
sudo apt install displaylink-driver
rm ~/Downloads/synaptics-repository-keyring.deb

Further GIT configuration

To integrate git secrets with the gnome-keyring you have to compile the git-credential-libsecret:

1
2
3
4
5
6

sudo apt-get install -y libsecret-tools
sudo apt-get install -y gcc make libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
sudo apt purge libsecret-1-dev -y && sudo apt autoremove -y

After the configuration you exectute git commands on your repo, fill in the password at the prompt and it will be saved to the Gnome Keyring

Conclusion

And there you have it: my Ubuntu 24.04 installation, seamlessly integrated with Intune. After a week of working with this setup, I can confidently say it’s both robust and lightning-fast! Even on an Intel i7 7700HQ, the performance is impressive, so if you’re using newer hardware, expect an even smoother experience. Now, I’m curious—what’s your experience been like with Ubuntu and Intune?