Quick Summary

  1#!/bin/bash
  2#set -x
  3
  4#.SYNOPSIS
  5#    Starts Intune onboarding.
  6#.DESCRIPTION
  7#    Starts Intune onboarding, by installing pre-requisites and Intune Company Portal.
  8#    At reboot, the Intune Company Portal will start and the user will be prompted to sign in.
  9#.EXAMPLE
 10#    start-intune-onboarding.sh
 11#.NOTES
 12#    Created by David Natal
 13#    Revised by Ioan Popovici
 14#    Company Portal needs to be installed as a pre-requisite.
 15#    Return Codes:
 16#    0   - Success
 17#    5   - CPU Architecture not supported
 18#    10  - OS version not supported
 19#.LINK
 20#    https://MEM.Zone
 21#.LINK
 22#    https://MEMZ.one/Linux-Intune-Onboarding-Tool
 23#.LINK
 24#    https://MEMZ.one/Linux-Intune-Onboarding-Tool-CHANGELOG
 25#.LINK
 26#    https://MEMZ.one/Linux-Intune-Onboarding-Tool-GIT
 27#.LINK
 28#    https://MEM.Zone/ISSUES
 29
 30##*=============================================
 31##* VARIABLE DECLARATION
 32##*=============================================
 33#region VariableDeclaration
 34
 35## User Defined variables
 36COMPANY_NAME='MEM.Zone IT'
 37DISPLAY_NAME='Intune Onboarding Tool'
 38DOCUMENTATION_LINK='https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-linux'
 39#  Specify last supported OS major version
 40SUPPORTED_OS_MAJOR_VERSION=20
 41
 42## Script variables
 43#  Version
 44SCRIPT_VERSION=1.0.0
 45OS_VERSION=$(lsb_release -ds)
 46#  Cpu Architecture
 47CPU_ARCHITECTURE=$(lscpu | awk '/Architecture/ {print $2}')
 48
 49#  Author
 50AUTHOR='Ioan Popovici'
 51#  Script Name
 52SCRIPT_NAME=$(/usr/bin/basename "$0")
 53FULL_SCRIPT_NAME="$(realpath "$(dirname "${BASH_SOURCE[0]}")")/${SCRIPT_NAME}"
 54SCRIPT_NAME_WITHOUT_EXTENSION=$(basename "$0" | sed 's/\(.*\)\..*/\1/')
 55#  Logging
 56LOG_NAME=$SCRIPT_NAME_WITHOUT_EXTENSION
 57LOG_DIR="/Library/Logs/${COMPANY_NAME}/${DISPLAY_NAME}"
 58LOG_HEADER="Script Version: $SCRIPT_VERSION \n# Author: $AUTHOR \n# OS Version: $OS_VERSION \n# CPU Architecture: $CPU_ARCHITECTURE \n"
 59
 60#endregion
 61##*=============================================
 62##* END VARIABLE DECLARATION
 63##*=============================================
 64
 65##*=============================================
 66##* FUNCTION LISTINGS
 67##*=============================================
 68#region FunctionListings
 69
 70#region Function runAsRoot
 71function runAsRoot() {
 72#.SYNOPSIS
 73#    Checks for root privileges.
 74#.DESCRIPTION
 75#    Checks for root privileges and asks for elevation.
 76#.EXAMPLE
 77#    runAsRoot
 78#.NOTES
 79#    This is an internal script function and should typically not be called directly.
 80#.LINK
 81#    https://MEM.Zone
 82#.LINK
 83#    https://MEM.Zone/ISSUES
 84
 85    ## Set human readable parameters
 86    local scriptPath="$1"
 87
 88    ## Check if the script is run as root
 89    if [[ $EUID -ne 0 ]]; then
 90        echo 'This application must be run as root. Please authenticate!'
 91        if [[ -t 1 ]]; then
 92            sudo "$scriptPath"
 93        else
 94            gksu "$scriptPath"
 95        fi
 96        exit 0
 97    fi
 98}
 99#endregion
100
101#region Function startLogging
102function startLogging() {
103#.SYNOPSIS
104#    Starts logging.
105#.DESCRIPTION
106#    Starts loggign to to log file and STDOUT.
107#.PARAMETER logName
108#    Specifies the name of the log file.
109#.PARAMETER logDir
110#    Specifies the folder of the log file.
111#.PARAMETER logHeader
112#    Specifies additional header information to be added to the log file.
113#.EXAMPLE
114#    startLogging "logName" "logDir" "logHeader"
115#.NOTES
116#    This is an internal script function and should typically not be called directly.
117#.LINK
118#    https://MEM.Zone
119#.LINK
120#    https://MEM.Zone/ISSUES
121
122    ## Set human readable parameters
123    local logName="$1"
124    local logDir="$2"
125    local logHeader="$3"
126
127    ## Set log file path
128    logFullName="${logDir}/${logName}.log"
129
130    ## Creating log directory
131    if [[ ! -d "$logDir" ]]; then
132        echo "$(date) | Creating '$logDir' to store logs"
133        sudo mkdir -p "$logDir"
134    fi
135
136    ## Start logging to log file
137    exec &> >(sudo tee -a "$logFullName")
138
139    ## Write log header
140    echo   ""
141    echo   "##*====================================================================================="
142    echo   "# $(date) | Logging run of '$logName' to log file"
143    echo   "# Log Path: '$logFullName'"
144    printf "# ${logHeader}"
145    echo   "##*====================================================================================="
146    echo   ""
147}
148#endregion
149
150#region Function checkSupportedOS
151function checkSupportedOS() {
152#.SYNOPSIS
153#    Checks if the OS is supported.
154#.DESCRIPTION
155#    Checks if the OS is supported and exits if it is not.
156#.PARAMETER supportedOSMajorVersion
157#    Specify the major version of the OS to check.
158#.EXAMPLE
159#    checkSupportedOS '20'
160#.NOTES
161#    This is an internal script function and should typically not be called directly.
162#.LINK
163#    https://MEM.Zone
164#.LINK
165#    https://MEM.Zone/ISSUES
166
167    ## Set human readable parameters
168    local supportedOSMajorVersion="$1"
169
170    ## Variable declaration
171    local OSVersion
172    local OSMajorVersion
173    local cpuArchitecture
174
175    ## Set variables
176    OSVersion=$(lsb_release -rs)
177    OSMajorVersion=$(echo "$OSVersion" | cut -d'.' -f1)
178    OSName=$(lsb_release -ds)
179    cpuArchitecture=$(lscpu | awk '/Architecture/ {print $2}')
180
181    ## Check if CPU is supported
182    if [[ "$cpuArchitecture" != "x86_64"   ]] ; then
183
184        #  Display notification and alert
185        echo "Unsupported CPU architecture '$cpuArchitecture', please upgrade. Terminating execution!"
186        echo "CPU architecture needs to be 'x86_64'"
187        exit 5
188    fi
189
190    ## Check if OS is supported
191    if [[ "$OSMajorVersion" -lt "$supportedOSMajorVersion" ]] ; then
192
193        #  Display notification and alert
194        echo "Unsupported OS '$OSName', please upgrade. Terminating execution!"
195        echo "OS needs to be at least 'Ubuntu ($supportedOSMajorVersion) LTS'"
196
197        #  Forcefully install latest OS update
198        sudo bash -c 'for i in update {,full-}upgrade auto{remove,clean}; do apt-get $i -y; done'
199        exit 10
200    else
201        echo "Supported OS version '$OSName', continuing..."
202        return 0
203    fi
204}
205#endregion
206
207#region Function installMsSigningPackage
208function installMsSigningPackage() {
209#.SYNOPSIS
210#    Installs Microsoft Signing package for Ubuntu distributions.
211#.DESCRIPTION
212#    Installs Microsoft Signing package for Ubuntu distributions depending on version.
213#.EXAMPLE
214#    installMsSigningPackage
215#.NOTES
216#    This is an internal script function and should typically not be called directly.
217#.LINK
218#    https://MEM.Zone
219#.LINK
220#    https://MEM.Zone/ISSUES
221
222    ## Variable declaration
223    local osRelease
224    local osCodeName
225
226    ## Set variables
227    osRelease=$(lsb_release -rs)
228    osCodeName=$(lsb_release -c | grep -oP "Codename:\s+\K\w+")
229
230    ## Install Microsoft Signing package depending on Ubuntu version
231    sudo apt install curl gpg -y
232    curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
233    sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
234    sudo sh -c "echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$osRelease/prod $osCodeName main' > /etc/apt/sources.list.d/microsoft-ubuntu-$osCodeName-prod.list"
235    sudo rm microsoft.gpg
236}
237#endregion
238
239#region Function installMsEdge
240function installMsEdge() {
241#.SYNOPSIS
242#    Installs Microsoft Edge package.
243#.DESCRIPTION
244#    Installs Microsoft Edge package for Ubuntu distributions.
245#.EXAMPLE
246#    installMsEdge
247#.NOTES
248#    This is an internal script function and should typically not be called directly.
249#.LINK
250#    https://MEM.Zone
251#.LINK
252#    https://MEM.Zone/ISSUES
253
254    ## Variable declaration
255    local edgeMajorVersion
256
257    ## Set variables
258    edgeMajorVersion=$(dpkg -l | grep -i "microsoft-edge-stable" | awk '{print $3}' | cut -d '.' -f 1)
259
260    ## Install Microsoft Edge if not already installed
261    if [[ $edgeMajorVersion -lt 102 ]]; then
262        curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
263        sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
264        sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main" > /etc/apt/sources.list.d/microsoft-edge.list'
265        sudo rm microsoft.gpg
266        sudo apt update
267        #  Add the missing GPG key if it's not available
268        sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EB3E94ADBE1229CF
269        sudo apt-get update
270        #  Install Microsoft Edge
271        sudo apt install microsoft-edge-stable -y
272    else
273        echo "Microsoft Edge Web Browser version 102 or newer is already installed."
274    fi
275}
276#endregion
277
278#region Function installMsIntunePortal
279function installMsIntunePortal() {
280#.SYNOPSIS
281#    Installs Microsoft Intune Portal package.
282#.DESCRIPTION
283#    Installs Microsoft Intune Portal package for Ubuntu distributions.
284#.EXAMPLE
285#    installMsIntunePortal
286#.NOTES
287#    This is an internal script function and should typically not be called directly.
288#.LINK
289#    https://MEM.Zone
290#.LINK
291#    https://MEM.Zone/ISSUES
292
293    ## Variable declaration
294    local appName
295    local appExec
296
297    ## Set variables
298    appName="intune-portal"
299    appExec="/opt/microsoft/intune/bin/intune-portal"
300
301    ## Install Microsoft Edge
302    installMsEdge
303
304    ## Install Microsoft Intune Portal
305    sudo apt-get install intune-portal -y
306
307    ## Create desktop shortcut
308    cat > intunestartup.desktop <<EOF
309[Desktop Entry]
310Name=${appName}
311Exec=${appExec}
312Type=Application
313Terminal=false
314EOF
315
316## Move the desktop file to the appropriate directory
317sudo mv intunestartup.desktop /usr/share/applications/
318
319## Set execution permissions for the desktop file
320sudo chmod +x /usr/share/applications/intunestartup.desktop
321
322## Create a symbolic link in the autostart directory
323sudo ln -s /usr/share/applications/intunestartup.desktop /etc/xdg/autostart/
324}
325#endregion
326
327#endregion
328##*=============================================
329##* END FUNCTION LISTINGS
330##*=============================================
331
332##*=============================================
333##* SCRIPT BODY
334##*=============================================
335#region ScriptBody
336
337## Check if script is running as root
338runAsRoot "$FULL_SCRIPT_NAME"
339
340## Start logging
341startLogging "$LOG_NAME" "$LOG_DIR" "$LOG_HEADER"
342
343## Show script version and suppress terminal output
344echo "Running $SCRIPT_NAME version $SCRIPT_VERSION"
345
346## Check if OS is supported
347checkSupportedOS "$SUPPORTED_OS_MAJOR_VERSION"
348
349## Initializing first repo sync so we get up to date packages
350sudo apt update
351
352## Install Microsoft Signing package
353installMsSigningPackage
354
355## Install Intune Portal app
356installMsIntunePortal
357
358## Workaround to mitigate disk encryption issues
359consoleUser=$(who | awk 'NR==1{print $1}')
360sudo usermod -a -G disk "$consoleUser"
361
362## Reboot to start Intune Company Portal
363sudo reboot
364
365#endregion
366##*=============================================
367##* END SCRIPT BODY
368##*=============================================