Microsoft Intune is a cloud-based enterprise mobility and security (EMS) management solution that enables organizations to manage mobile devices. It integrates with other components of Microsoft’s EMS platform, including Azure Active Directory (AAD) and Azure Information Protection (AIP), allowing IT teams to enforce security policies and manage how endpoints are used in the organization.
Intune allows organizations to achieve a productive mobile workforce without worrying about corporate data security. For example, IT teams can set rules and configure security policies for various devices, whether those devices are corporate-owned or personal. This helps organizations implement bring your own device (BYOD) policies while mitigating security concerns.
However, despite these benefits, Intune has only traditionally supported devices running Windows, macOS, iOS, and Android operating systems (OSs). This left out Linux-based devices that many companies use to maintain workloads out of the picture for a long time. Toward the end of 2022 however, Microsoft finally added Linux workstation support to Intune — starting with Ubuntu.
Does Intune Support Linux?
The short answer is yes. In October 2022, Microsoft announced that Microsoft Endpoint Manager (MEM) added Linux-based devices to its unified endpoint management solution, with general availability for Ubuntu LTS.
However, Microsoft has yet to release support for other distros which means IT teams are either leaving other types of Linux workstations unmanaged or using other third-party mobile application management (MAM) and mobile device management (MDM) tools.
What’s Been Discussed?
Companies need to ensure that all endpoints are secure and compliant. In this regard, IT teams need to ensure that they mitigate compliance issues by deploying software and patches to all device types, including Linux endpoints. Effective Linux MDM is particularly challenging due to the many flavors of Linux distributions.
With Linux support added to Intune, IT teams can theoretically use a unified console to manage devices and apply the same protection policies and configurations for Linux workstations. Whether Microsoft is able to accomplish that for more distros after Ubuntu remains to be seen.
Having cross-platform support in an MDM is essential because the integration of multiple operating systems into one tool streamlines:
If IT teams are able to combine all the applications and device controls in one cloud-based endpoint management system, they can then apply policies and endpoint configurations in the same way across a heterogenous IT environment for added security and compliance.
In addition, a unified MDM allows organizations to move their employees closer to Zero Trust security architecture and cover their entire IT infrastructure. For example, IT teams can apply management controls such as password policies, Wi-Fi profiles, and certificates in a standard way across all cloud-managed endpoints.
Adding Linux support to an existing MDM enables companies to more easily enforce compliance policies and standards. For example, IT teams can create rules and configuration settings such as the minimum RHEL version that devices need to meet to be considered compliant.
IT teams can also create application policies that provide an extra layer of protection, allowing employees to access them on personal devices securely. Most importantly, IT teams can also take actions for non-compliance, like sending notifications to the user.
Conditional Access Policies
Determining if the device is compliant is one of the outcomes of cloud management. In a Microsoft-specific ecosystem, MEM allows organizations to assess the device’s posture while sending signals to AAD. If MEM finds that the device is compliant, it applies conditional access configurations. These configurations combine device compliance signals with other signals such as user identity risks to secure access to enterprise resources through adaptive policies.
With Intune, Microsoft’s goal is to allow IT teams to set AAD Conditional Access policies for Linux devices, as it does for Windows, macOS, iOS, and Android endpoints. This would ensure that only compliant Linux devices can access enterprise resources such as Microsoft 365 applications.
However, note that the current release only provides conditional access policies protecting web applications via Microsoft Edge. This is an example of Microsoft attempting to lock admins and users further into the Microsoft ecosystem, without allowing for the flexibility of choice in IT tools.
The Good News? A Linux Device Management Alternative Already Exists
Even if Microsoft succeeds with its Intune Linux management framework, the approach will still face some challenges. This is because of the differences between Microsoft’s approach to identity and access management (IAM) and other open source solutions.
For example, while Microsoft’s approach is to create segmented solutions that seamlessly integrate with Azure, the same cannot be said about non-Windows platforms like Linux-based OSs. Additionally, it is those very same segmented solutions that force users into Microsoft products and add additional complexity and cost for IT admins.
If you’d prefer to have a cloud-based MDM that provides the openness you need to choose the best tools and IT resources for your stack, while still resolving compliance and security issues in a heterogeneous environment, then you should consider JumpCloud® as an alternative cloud directory service.
As an open directory platform and unified MDM, JumpCloud centralizes identity and system management, irrespective of OS. It can overcome the common “admin black hole” associated with managing Linux devices, and help you reduce the number of IT tools your organization has to pay for and manage to fully secure its IT environment.
Whether you need patch management, encryption and lock-screen policies, MFA, or other capabilities applied to the Linux devices in your fleet, JumpCloud supports the following distros:
- Amazon Linux 2 on x86_64 and ARM64 processors
- Amazon Linux 2022 (AL2022) on x86_64 and ARM64 processors
- CentOS 7, 8
- Debian 10, 11 on x86_64 and ARM64 processors
- Fedora 35, and 36
- Mint 19, 20, 21 Cinnamon on x86_64 and ARM64 processors
- RHEL 8, 9 on x86_64 and ARM64 processors
- Rocky Linux 8, 9 on x86_86 and ARM64 processors
- Ubuntu 18.04 (64 bit), 20.04, and 21.04, and 22.04 on x86_64 and ARM64 processors