Today, we are announcing the general availability of Linux desktop management in Microsoft Endpoint Manager. Microsoft Intune, Microsoft Entra, and Microsoft Edge teams have partnered together to bring support for device registration, endpoint management, and secure web access to Microsoft 365 and Microsoft Azure resources for Linux Ubuntu LTS. With the October release of Microsoft Intune, organizations will be able to, in one place, include Linux desktops as endpoints in their device management and security workloads. IT will be able to manage Linux devices alongside Windows, Mac, iOS, and Android devices and reduce the risk of breach by ensuring only compliant devices access company resources. Critical aspects of achieving a Zero Trust security model for IT include assuming breach and allowing least-privilege access. To achieve that, organizations must be able to protect and manage the apps and endpoints across the entire end-user computing landscape.
Key endpoint management scenarios for Zero Trust include applying Conditional Access policies to applications, like Microsoft Edge, to manage (least privilege) access to company resources. We are also announcing a new Microsoft Teams progressive web app for Linux desktops that will be available in the coming months. Intune, with Azure Active Directory (Azure AD), part of Microsoft Entra, helps organizations protect organizational data through the application of protection policies for Microsoft 365 apps. This means workers will be able to safely use Teams through the new progressive web app for Linux.
This first release of Linux management in Intune will include the following functionalities:
- Enrollment of Ubuntu LTS (22.04, 20.04) desktops
- Conditional Access policies protecting web applications via Microsoft Edge
- Standard compliance policies
- Support for Bash scripts for custom compliance policies
Custom compliance for Linux
We know a wide range of device-compliance checks are necessary to protect company resources. The custom compliance policies in Endpoint Manager enable IT admins to write their own Bash scripts to evaluate attributes of the Linux endpoints that are most important to their organization. Custom compliance policies allow organizations to cover their specific compliance scenarios.
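An added example, not from the original post or from Microsoft: a Bash script of the kind described above, which collects endpoint attributes and prints them for evaluation. The JSON output shape, the setting names, the function names, and the `/etc/shadow` permission check are assumptions for illustration; the Ubuntu LTS versions are the ones listed in this post.

```bash
#!/usr/bin/env bash
# Added example (not Microsoft's script). Assumption: the script reports its
# findings as one JSON object of setting names and values on stdout.

# Print the value of key $2 from an os-release style file $1, quotes stripped.
os_field() {
  [ -r "$1" ] || { echo unknown; return 0; }
  v=$(sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '"\\')
  echo "${v:-unknown}"
}

# Print true when distribution ID $1 and version $2 are a release named in the post.
is_supported_lts() {
  [ "$1" = ubuntu ] || { echo false; return 0; }
  case "$2" in
    20.04|22.04) echo true ;;
    *) echo false ;;
  esac
}

# Print true when file $1 exists and grants no permission bits to "other".
# Hypothetical organization-specific attribute, chosen for illustration.
no_world_access() {
  [ -e "$1" ] || { echo false; return 0; }
  perms=$(ls -ld "$1" | cut -c8-10)
  if [ "$perms" = "---" ]; then echo true; else echo false; fi
}

# Build the report. $1 = os-release path, $2 = file whose permissions matter.
compliance_report() {
  id=$(os_field "$1" ID)
  ver=$(os_field "$1" VERSION_ID)
  printf '{"Distribution":"%s","Version":"%s","SupportedLTS":%s,"SecretFileProtected":%s}\n' \
    "$id" "$ver" "$(is_supported_lts "$id" "$ver")" "$(no_world_access "$2")"
}

# Defaults are the real system paths; arguments allow testing on sample files.
compliance_report "${1:-/etc/os-release}" "${2:-/etc/shadow}"
```

Taking the file paths as arguments lets the script be exercised against sample files before it is assigned to devices.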
Conditional Access to web applications through Microsoft Edge
With Endpoint Manager, IT administrators can set Azure AD Conditional Access policies targeted at Linux devices, the same way they do for other platforms, ensuring only compliant Linux workstations will have access to corporate resources. Conditional Access will ensure devices are compliant before they can access corporate web applications.
Let’s review how Conditional Access guides the user-enrollment experience on Linux. This scenario uses a Conditional Access configuration, applied through Endpoint Manager, to enable Linux users to securely access the Microsoft Teams web application using Microsoft Edge. If a user tries to access Microsoft Teams from the Edge browser without first securing the device, they are not able to sign in.
The user is not blocked but guided through the process to download Microsoft Intune for Linux. This enrollment allows the organization to apply the configuration that optimizes user productivity, such as access to specific company applications. The enrollment process automatically registers the user with Azure AD, so risk and app-based Conditional Access policies can be tied specifically to the Linux endpoint.
The final stage of the enrollment process is the compliance evaluation, which verifies that device distribution and other elements meet company policies. Once compliance issues have been resolved, the user will have full access to the relevant corporate resources.
The best of Microsoft Teams for Linux through a protected progressive web app
Organizations that rely on Microsoft Teams for collaboration and communication want the full features available for Linux desktop users in a secure way. This can be achieved using a new feature of the current Teams web client, which will be released for Linux in the coming months. This will provide Linux users with access to popular capabilities through the use of our new progressive web app (PWA) and will be available through both Edge and Chrome browsers.
The PWA does not require installation, is lightweight, and offers access to more capabilities, including custom backgrounds, gallery view, reactions, and raise hand in meetings, as well as large gallery and together mode views. PWA also provides desktop-like app features such as system notifications for chat and channel, dock icon with respective controls, application auto-start, and easy access to system app permissions.
The Teams web application and the new PWA for Linux will use the Conditional Access configuration, applied through Endpoint Manager, to enable Linux users to access the Teams web application using Edge in a secure way. This helps organizations use an industry-leading, unified endpoint management solution for Teams from Linux endpoints with security and quality in mind.
Future capabilities planned for Linux desktop management
Later this fall, we will release our device configuration solution for Linux in Endpoint Manager. This will be a custom configuration solution that customers can configure with Bash scripts. With this solution, customers can achieve a wide range of scenarios, like deploying Wi-Fi profiles and certificates to Linux desktops. We will also release a set of pre-defined scripts you can use to get started with custom scripting.
There are many distributions that are used by organizations for Linux. Our first release supports Ubuntu LTS (22.04, 20.04). We plan to add additional distributions in the coming months.
We’ll provide more details as we get closer to releasing the Microsoft Teams PWA on Linux for general availability. At that time, we encourage organizations using Teams on Linux to switch to the PWA to get the latest features with a desktop-like experience. Stay tuned for the latest news on the Microsoft Teams blog.
You can also let us know about your Endpoint Manager experience through comments on this blog post or reach out to @IntuneSuppTeam on Twitter. Tweet your feedback about Microsoft Endpoint Manager using the hashtag #MEMpowered. If you’re interested in ongoing developments on Endpoint Manager, we invite you to follow the Microsoft Endpoint Manager Blog and @MSIntune on Twitter.