Introduction
Officially, only Ubuntu and Red Hat Enterprise Linux (RHEL) are supported for the Intune Company Portal app. This app allows the state of the physical device to be checked and to become part of an assurance level when a user signs in through Entra Conditional Access. Just like you verify that a user has entered the correct password and used MFA, the state of the device can be considered when accessing services. Once the portal app, aka the agent, is installed, the device can be enrolled.
I wanted to see if I could install the Intune app on my Fedora Workstation. There are other guides on how to do this. Some of them convert the deb packages made for Debian-based distributions to be able to install them on Red Hat-based ones.
https://taoofmac.com/space/com/microsoft/intune
https://nick.groenen.me/archive/2024/20240831-2059-intune-on-fedora-40
But by using the RHEL packages already created by Microsoft, we can make this much easier. I have personally tested this approach on Fedora Workstation 39, 40 and 41. The steps in this article are specifically for 41, which uses DNF5 and has a slightly different syntax.
Installing
Overview of process: https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-linux
These are Microsoft’s instructions that we need to follow to install the agent:
Add the repo from RHEL 9 and install the Intune app
# add repo
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo dnf config-manager addrepo --from-repofile=https://packages.microsoft.com/yumrepos/microsoft-rhel9.0-prod
# install app
sudo dnf install intune-portal
You also need the Edge browser since it is the only one that can interact with the agent and report on its status when signing in.
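# download Edge; the URL is quoted and the output file is named explicitly, so the saved file has no "?brand=M102" suffix and lands in ~/Downloads
wget --output-document="$HOME/Downloads/microsoft-edge-stable-131.0.2903.86-1.x86_64.rpm" "https://packages.microsoft.com/yumrepos/edge/microsoft-edge-stable-131.0.2903.86-1.x86_64.rpm?brand=M102"
sudo dnf install "$HOME/Downloads/microsoft-edge-stable-131.0.2903.86-1.x86_64.rpm"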
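Unlike the repo install of intune-portal, an RPM fetched with wget is installed as a local file, and dnf only checks signatures on local files when localpkg_gpgcheck is enabled, which it is not by default. The following is an added example, not part of the original steps, that checks the downloaded file with rpm --checksig before handing it to dnf. The function names are hypothetical, the sample output lines in the comments are constructed, and it assumes the Edge package is signed with the Microsoft key imported by rpm --import above.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded RPM's signature before installing it.

# Decide from the output of `rpm --checksig` whether the package carries a
# signature that verified against a key in the rpm keyring.
# Constructed sample lines, in the format rpm prints:
#   edge.rpm: digests signatures OK        -> signed, key trusted
#   edge.rpm: digests OK                   -> intact but unsigned
#   edge.rpm: digests SIGNATURES NOT OK    -> bad signature or unknown key
# rpm exits 0 for the "digests OK" case, so the exit status alone is not
# enough; the text has to say "signatures OK".
sig_verified() {
    case "$1" in
        *"NOT OK"*)        return 1 ;;
        *"signatures OK"*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Verify the file, then install it. dnf is never called unless the
# signature check passes.
install_verified_rpm() {
    ivr_file=$1
    if [ ! -f "$ivr_file" ]; then
        echo "no such file: $ivr_file" >&2
        return 2
    fi
    if ! ivr_out=$(rpm --checksig "$ivr_file" 2>&1); then
        echo "rpm --checksig failed: $ivr_out" >&2
        return 1
    fi
    if ! sig_verified "$ivr_out"; then
        echo "not signed by a trusted key: $ivr_out" >&2
        return 1
    fi
    sudo dnf install "$ivr_file"
}
```

Call install_verified_rpm with the path of the downloaded Edge RPM in place of the plain dnf install command.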
Launch the newly installed Intune app and log in:
Once that is completed, you should be able to sign in to websites that require device compliance through the Edge browser.
The RHEL 9 repo has many of the same packages that the regular Fedora repos do. I suggest disabling the RHEL repo to avoid conflicts and enabling it only when you need to upgrade the Intune Portal app.
# disable RHEL repo
sudo dnf config-manager setopt microsoft-rhel9.0-prod-yum.enabled=0
Notes
These steps only install the agent. Your organization might have requirements in place that you must fulfill on the client to be considered compliant. Typical examples are having anti-malware installed and disk encryption. Intune checks these through compliance scripts that are distributed from Intune and run on the client. The Intune Portal app will tell you what needs to be fixed. So you might have to perform more steps than I have here to reach device compliance.
Compliance status can only be reported through Microsoft Edge. If you use any other tool, like GNOME Online Accounts to access OneDrive, and have device compliance requirements, you will not be able to log in. Every tool has to be built to talk to the agent and then to report status.