Microsoft Intune Company Portal for Linux and Conditional Access Issue

Greetings everyone,

 

I have the following scenario implemented regarding conditional access:

 

  • Rule#1: For pilotuser1, for all cloud apps, for all platforms –> require MFA

  • Rule#2: For pilotuser1, for all cloud apps except Microsoft Intune Enrollment and Microsoft Intune, for all platforms –> Require Device marked as compliant

This should allow me to successfully enroll a non-enrolled device in Intune and require device compliance for the other workloads. For Windows it works just fine. The problem lies with Linux.

 

Following the instructions on Enroll a Linux device in Intune | Microsoft Learn & Get the Microsoft Intune app for Linux | Microsoft Learn I installed Intune App and Edge (Version 109.0.1518.52 (Official build) (64-bit)) on a VM with Ubuntu 22.04.

 

I open the Intune App and try to sign in:

First step is to register the device on Azure AD; it goes without a problem.

On the next stage I get the following and press continue:

[screenshot not preserved]

At this stage Microsoft Edge opens and I sign in successfully but the Intune App throws an error:

 


 

The sign in logs on Azure AD show that even though I excluded Intune Enrollment from the CA policy, it is not enough. 


 

Sign-in error code: 530003
Failure reason: Your device is required to be managed to access this resource.
 
Additional Details:
The requested resource can only be accessed using a compliant device. The user is either using a device not managed by a Mobile-Device-Management (MDM) agent like Intune, or it’s using an application that doesn’t support device authentication. The user could enroll their devices with an approved MDM provider, or use a different app to sign in, or find the app vendor and ask them to update their app. More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remediation
 
Application: Microsoft Intune Company Portal for Linux
Application ID: b743a22d-6705-4147-8670-d92fa515ee2b
Resource : Microsoft Graph
Resource ID: 00000003-0000-0000-c000-000000000000
Client app: Mobile Apps and Desktop clients
Client credential type: None
Resource service principal ID: 01989347-a263-48ef-a8d7-583ee83db9a2
Token issuer type: Azure AD

 

Apparently something is different in the enrollment process of Linux, because I had no issues with Windows 10 enrollment.

 

Any thoughts on the subject would be appreciated.

 

Kind Regards,

Panos
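As an added example (not from the post or Microsoft's own code), a small evaluator that replays the sign-in record above against the two rules as described in the post. The rule shape is an assumption modelled on the include/exclude lists of a Conditional Access policy, the two Intune app IDs are left as placeholders, and the Graph resource ID is the one shown in the log.

```python
# Constructed example: replay a sign-in record against Conditional Access rules.
# Rule shape mirrors the include/exclude lists Graph returns for
# conditionalAccessPolicies (conditions.users, conditions.applications, grantControls).
# The two Intune app IDs are placeholders, not real identifiers.

PLACEHOLDER_INTUNE_ENROLLMENT = "PLACEHOLDER-INTUNE-ENROLLMENT-APP-ID"
PLACEHOLDER_INTUNE = "PLACEHOLDER-INTUNE-APP-ID"
MS_GRAPH = "00000003-0000-0000-c000-000000000000"  # Resource ID from the sign-in log

RULES = [
    {"name": "Rule#1", "users": ["pilotuser1"],
     "apps_include": ["All"], "apps_exclude": [],
     "grant": ["mfa"]},
    {"name": "Rule#2", "users": ["pilotuser1"],
     "apps_include": ["All"],
     "apps_exclude": [PLACEHOLDER_INTUNE_ENROLLMENT, PLACEHOLDER_INTUNE],
     "grant": ["compliantDevice"]},
]

# Constructed from the fields visible in the post's sign-in log entry.
SIGN_IN = {
    "user": "pilotuser1",
    "client_app_id": "b743a22d-6705-4147-8670-d92fa515ee2b",  # Company Portal for Linux
    "resource_id": MS_GRAPH,
    "device_compliant": False,  # not yet enrolled
    "mfa_satisfied": True,
}

def rule_applies(rule, sign_in):
    """In scope when the user matches and the resource the token is requested for
    is included and not excluded. The calling client's own app ID is not what the
    cloud-app condition is compared against."""
    if sign_in["user"] not in rule["users"]:
        return False
    res = sign_in["resource_id"]
    included = "All" in rule["apps_include"] or res in rule["apps_include"]
    return included and res not in rule["apps_exclude"]

def evaluate(rules, sign_in):
    """Return (allowed, names of in-scope rules whose grant control is unmet)."""
    failures = []
    for rule in rules:
        if not rule_applies(rule, sign_in):
            continue
        if "mfa" in rule["grant"] and not sign_in["mfa_satisfied"]:
            failures.append(rule["name"])
        if "compliantDevice" in rule["grant"] and not sign_in["device_compliant"]:
            failures.append(rule["name"])
    return (not failures, failures)
```

Run as written it reports Rule#2 as unmet, because the excluded app IDs are compared against the requested resource (Microsoft Graph here), not against the Company Portal client that made the request.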
