Dark mode

Dark mode

There are 0 results matching

article card image dark article card image light

Published by · May 22, 2024 tools · 2 mins read

Introducing: Windows User Rights Assignment Tool - Part 1

Get Windows Rights Assignment with our PowerShell Tool. ...

See More
article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune Linux Onboarding Tool

Onboard Ubuntu Linux devices to Microsoft Intune using a bash script. Installs prerequisites and starts the user-driven enrollment. ...

See More
article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune macOS Onboarding Tool

Onboard macOS devices to Microsoft Intune using a bash script that initiates the process. Optionally, the script converts mobile accounts, resets the FileVault key, and removes ...

See More
article card image dark article card image light

Published by · Jan 23, 2024 tools · 3 mins read

Introducing: Intune Device Renaming Tool

Rename Intune Devices by setting a Prefix or using a User Attribute as Prefix. Supports Windows, macOS, and Linux ...

See More
article card image dark article card image light

Published by · Dec 8, 2023 intune · 5 mins read

Intune Logs: A Deep Dive into Locations, Interpretation, and Configuration

A Comprehensive Guide to Locations, Interpretation, and Configuration of Intune Logs ...

See More
article card image dark article card image light

Published by · Aug 14, 2023 configmgr · 2 mins read

Configuration Manager Console Extension to show Device Collection Membership with Console Builder

Use the Configuration Manager Console Builder, to add Collection Membership View to the Device Node ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 3 mins read

Introducing: Configuration Manager SSRS Dashboards

A Configuration Manager Dashboards solution with Reports for Software Updates, Bitlocker and more ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 2 mins read

Introducing: PowerShell WMI Management Toolkit Module

Streamline your WMI Namespace, Class, and Instance Management with our PowerShell Module ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 1 mins read

Configuration Manager detailed, filterable Port Documentation

Configuration Manager detailed, filterable port documentation as an excel document ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 3 mins read

Configuration Manager PXE TFTP Window Size Bug

Configuration Manager TFTP Block Size and TFTP Window Size Correct Configuration ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 4 mins read

Introducing: Configuration Manager Client Cache Cleanup Tool

Cleaning the Configuration Manager Client Cache the Right Way with PowerShell and Configuration Baselines ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 2 mins read

Introducing: Windows Cache Cleanup Tool

Cleaning Windows and Configuration Manager Caches for Configuration Manager Build and Capture Task Sequence or Standalone Use ...

See More
article card image dark article card image light

Published by · Jun 17, 2023 tools · 1 mins read

Introducing: Windows Update Database Reinitialization Tool

Proactively repair corrupted Windows Update Database with Powershell and Configuration Manager ...

See More
article card image dark article card image light

Published by · Mar 31, 2023 tools · 3 mins read

Introducing: Configuration Manager SQL Products Reporting

A Complete SQL Products reporting solution using Configuration Manager ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 configmgr · 1 mins read

Application Detection Method using the Configuration Manager Application Version

Replace hardcoded application version in scripts, with the Configuration Manager Application Version ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 tools · 3 mins read

Introducing: Certificate Management Toolkit

Managing Certificates with Configuration Manager and PowerShell by using just the Public Key ...

See More
article card image dark article card image light

Published by · Jan 7, 2019 reports · 2 mins read

Configuration Manager Device Boundary and Network Information Report

List Device Boundaries and Network Information with Configuration Manager ...

See More
article card image dark article card image light

Published by · Sep 9, 1980 help · 5 mins read

MEM.Zone Blog Publishing Documentation

Publishing Documentation for MEM.Zone ...

See More

We couldn’t find anything related to

“SCCM”

BLOG / tools zone

Introducing: Intune Linux Onboarding Tool

Published by Paul Vilcu · Apr 11, 2024 · 2 mins read
article card image dark article card image light

Quick Summary

Microsoft Intune supports Linux Ubuntu 22.04 flavor, but the documentation for it from Microsoft is very limited.

This will be a short post on how to have one-stop script to enroll a Linux device into Microsoft Intune.

Prerequisites

  • Bash Script
  • Ubuntu 22.04 device with a x64 architecture and Full Disk Encryption enabled.
Notes

Arm architecture is not supported at the moment.

Full Disk Encryption needs to be enabled at the Operating System installation step. It is not possible to enable it afterwards and it is mandatory for the Intune compliance checks.


Recommendations

  • Run the script in a test environment before using it in production.
  • Use multiple test devices to validate your configuration.
Notes

The script logs in the /Library/Logs/${COMPANY_NAME} folder.

Notes

Although the script helped migrating about 200 devices, it cannot account for all edge cases. Please test thoroughly before using it in production.


User Defined Variables

COMPANY_NAME

This variable specifies the company name.

DISPLAY_NAME

This variable specifies the script name used in the log name.

This variable specifies the documentation link which will be opened at the end of the installation.

Notes

Do not modify any other variables unless you know what you are doing.


Manual Steps

Devices need enable full disk encryption when installing the operating system. It is not possible to enable it afterwards and it is mandatory for the Intune compliance checks.

Notes

If encryption is not enabled, the device will be tagged as non-compliant and will not be able to access company resources.


Preview

article card image demo-intune-linux-onboarding-tool
Intune Linux Onboarding Tool Demo

Code

  1#!/bin/bash
  2#set -x
  3
  4#.SYNOPSIS
  5#    Starts Intune onboarding.
  6#.DESCRIPTION
  7#    Starts Intune onboarding, by installing pre-requisites and Intune Company Portal.
  8#    At reboot, the Intune Company Portal will start and the user will be prompted to sign in.
  9#.EXAMPLE
 10#    start-intune-onboarding.sh
 11#.NOTES
 12#    Created by David Natal
 13#    Revised by Ioan Popovici
 14#    Company Portal needs to be installed as a pre-requisite.
 15#    Return Codes:
 16#    0   - Success
 17#    5   - CPU Architecture not supported
 18#    10  - OS version not supported
 19#.LINK
 20#    https://MEM.Zone
 21#.LINK
 22#    https://MEMZ.one/Linux-Intune-Onboarding-Tool
 23#.LINK
 24#    https://MEMZ.one/Linux-Intune-Onboarding-Tool-CHANGELOG
 25#.LINK
 26#    https://MEMZ.one/Linux-Intune-Onboarding-Tool-GIT
 27#.LINK
 28#    https://MEM.Zone/ISSUES
 29
 30##*=============================================
 31##* VARIABLE DECLARATION
 32##*=============================================
 33#region VariableDeclaration
 34
 35## User Defined variables
 36COMPANY_NAME='MEM.Zone IT'
 37DISPLAY_NAME='Intune Onboarding Tool'
 38DOCUMENTATION_LINK='https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-linux'
 39#  Specify last supported OS major version
 40SUPPORTED_OS_MAJOR_VERSION=20
 41
 42## Script variables
 43#  Version
 44SCRIPT_VERSION=1.0.0
 45OS_VERSION=$(lsb_release -ds)
 46#  Cpu Architecture
 47CPU_ARCHITECTURE=$(lscpu | awk '/Architecture/ {print $2}')
 48
 49#  Author
 50AUTHOR='Ioan Popovici'
 51#  Script Name
 52SCRIPT_NAME=$(/usr/bin/basename "$0")
 53FULL_SCRIPT_NAME="$(realpath "$(dirname "${BASH_SOURCE[0]}")")/${SCRIPT_NAME}"
 54SCRIPT_NAME_WITHOUT_EXTENSION=$(basename "$0" | sed 's/\(.*\)\..*/\1/')
 55#  Logging
 56LOG_NAME=$SCRIPT_NAME_WITHOUT_EXTENSION
 57LOG_DIR="/Library/Logs/${COMPANY_NAME}/${DISPLAY_NAME}"
 58LOG_HEADER="Script Version: $SCRIPT_VERSION \n# Author: $AUTHOR \n# OS Version: $OS_VERSION \n# CPU Architecture: $CPU_ARCHITECTURE \n"
 59
 60#endregion
 61##*=============================================
 62##* END VARIABLE DECLARATION
 63##*=============================================
 64
 65##*=============================================
 66##* FUNCTION LISTINGS
 67##*=============================================
 68#region FunctionListings
 69
 70#region Function runAsRoot
 71function runAsRoot() {
 72#.SYNOPSIS
 73#    Checks for root privileges.
 74#.DESCRIPTION
 75#    Checks for root privileges and asks for elevation.
 76#.EXAMPLE
 77#    runAsRoot
 78#.NOTES
 79#    This is an internal script function and should typically not be called directly.
 80#.LINK
 81#    https://MEM.Zone
 82#.LINK
 83#    https://MEM.Zone/ISSUES
 84
 85    ## Set human readable parameters
 86    local scriptPath="$1"
 87
 88    ## Check if the script is run as root
 89    if [[ $EUID -ne 0 ]]; then
 90        echo 'This application must be run as root. Please authenticate!'
 91        if [[ -t 1 ]]; then
 92            sudo "$scriptPath"
 93        else
 94            gksu "$scriptPath"
 95        fi
 96        exit 0
 97    fi
 98}
 99#endregion
100
101#region Function startLogging
102function startLogging() {
103#.SYNOPSIS
104#    Starts logging.
105#.DESCRIPTION
106#    Starts loggign to to log file and STDOUT.
107#.PARAMETER logName
108#    Specifies the name of the log file.
109#.PARAMETER logDir
110#    Specifies the folder of the log file.
111#.PARAMETER logHeader
112#    Specifies additional header information to be added to the log file.
113#.EXAMPLE
114#    startLogging "logName" "logDir" "logHeader"
115#.NOTES
116#    This is an internal script function and should typically not be called directly.
117#.LINK
118#    https://MEM.Zone
119#.LINK
120#    https://MEM.Zone/ISSUES
121
122    ## Set human readable parameters
123    local logName="$1"
124    local logDir="$2"
125    local logHeader="$3"
126
127    ## Set log file path
128    logFullName="${logDir}/${logName}.log"
129
130    ## Creating log directory
131    if [[ ! -d "$logDir" ]]; then
132        echo "$(date) | Creating '$logDir' to store logs"
133        sudo mkdir -p "$logDir"
134    fi
135
136    ## Start logging to log file
137    exec &> >(sudo tee -a "$logFullName")
138
139    ## Write log header
140    echo   ""
141    echo   "##*====================================================================================="
142    echo   "# $(date) | Logging run of '$logName' to log file"
143    echo   "# Log Path: '$logFullName'"
144    printf "# ${logHeader}"
145    echo   "##*====================================================================================="
146    echo   ""
147}
148#endregion
149
150#region Function checkSupportedOS
151function checkSupportedOS() {
152#.SYNOPSIS
153#    Checks if the OS is supported.
154#.DESCRIPTION
155#    Checks if the OS is supported and exits if it is not.
156#.PARAMETER supportedOSMajorVersion
157#    Specify the major version of the OS to check.
158#.EXAMPLE
159#    checkSupportedOS '20'
160#.NOTES
161#    This is an internal script function and should typically not be called directly.
162#.LINK
163#    https://MEM.Zone
164#.LINK
165#    https://MEM.Zone/ISSUES
166
167    ## Set human readable parameters
168    local supportedOSMajorVersion="$1"
169
170    ## Variable declaration
171    local OSVersion
172    local OSMajorVersion
173    local cpuArchitecture
174
175    ## Set variables
176    OSVersion=$(lsb_release -rs)
177    OSMajorVersion=$(echo "$OSVersion" | cut -d'.' -f1)
178    OSName=$(lsb_release -ds)
179    cpuArchitecture=$(lscpu | awk '/Architecture/ {print $2}')
180
181    ## Check if CPU is supported
182    if [[ "$cpuArchitecture" != "x86_64"   ]] ; then
183
184        #  Display notification and alert
185        echo "Unsupported CPU architecture '$cpuArchitecture', please upgrade. Terminating execution!"
186        echo "CPU architecture needs to be 'x86_64'"
187        exit 5
188    fi
189
190    ## Check if OS is supported
191    if [[ "$OSMajorVersion" -lt "$supportedOSMajorVersion" ]] ; then
192
193        #  Display notification and alert
194        echo "Unsupported OS '$OSName', please upgrade. Terminating execution!"
195        echo "OS needs to be at least 'Ubuntu ($supportedOSMajorVersion) LTS'"
196
197        #  Forcefully install latest OS update
198        sudo bash -c 'for i in update {,full-}upgrade auto{remove,clean}; do apt-get $i -y; done'
199        exit 10
200    else
201        echo "Supported OS version '$OSName', continuing..."
202        return 0
203    fi
204}
205#endregion
206
207#region Function installMsSigningPackage
208function installMsSigningPackage() {
209#.SYNOPSIS
210#    Installs Microsoft Signing package for Ubuntu distributions.
211#.DESCRIPTION
212#    Installs Microsoft Signing package for Ubuntu distributions depending on version.
213#.EXAMPLE
214#    installMsSigningPackage
215#.NOTES
216#    This is an internal script function and should typically not be called directly.
217#.LINK
218#    https://MEM.Zone
219#.LINK
220#    https://MEM.Zone/ISSUES
221
222    ## Variable declaration
223    local osRelease
224    local osCodeName
225
226    ## Set variables
227    osRelease=$(lsb_release -rs)
228    osCodeName=$(lsb_release -c | grep -oP "Codename:\s+\K\w+")
229
230    ## Install Microsoft Signing package depending on Ubuntu version
231    sudo apt install curl gpg -y
232    curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
233    sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings/
234    sudo sh -c "echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$osRelease/prod $osCodeName main' > /etc/apt/sources.list.d/microsoft-ubuntu-$osCodeName-prod.list"
235    sudo rm microsoft.gpg
236}
237#endregion
238
239#region Function installMsEdge
240function installMsEdge() {
241#.SYNOPSIS
242#    Installs Microsoft Edge package.
243#.DESCRIPTION
244#    Installs Microsoft Edge package for Ubuntu distributions.
245#.EXAMPLE
246#    installMsEdge
247#.NOTES
248#    This is an internal script function and should typically not be called directly.
249#.LINK
250#    https://MEM.Zone
251#.LINK
252#    https://MEM.Zone/ISSUES
253
254    ## Variable declaration
255    local edgeMajorVersion
256
257    ## Set variables
258    edgeMajorVersion=$(dpkg -l | grep -i "microsoft-edge-stable" | awk '{print $3}' | cut -d '.' -f 1)
259
260    ## Install Microsoft Edge if not already installed
261    if [[ $edgeMajorVersion -lt 102 ]]; then
262        curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
263        sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
264        sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main" > /etc/apt/sources.list.d/microsoft-edge.list'
265        sudo rm microsoft.gpg
266        sudo apt update
267        #  Add the missing GPG key if it's not available
268        sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EB3E94ADBE1229CF
269        sudo apt-get update
270        #  Install Microsoft Edge
271        sudo apt install microsoft-edge-stable -y
272    else
273        echo "Microsoft Edge Web Browser version 102 or newer is already installed."
274    fi
275}
276#endregion
277
278#region Function installMsIntunePortal
279function installMsIntunePortal() {
280#.SYNOPSIS
281#    Installs Microsoft Intune Portal package.
282#.DESCRIPTION
283#    Installs Microsoft Intune Portal package for Ubuntu distributions.
284#.EXAMPLE
285#    installMsIntunePortal
286#.NOTES
287#    This is an internal script function and should typically not be called directly.
288#.LINK
289#    https://MEM.Zone
290#.LINK
291#    https://MEM.Zone/ISSUES
292
293    ## Variable declaration
294    local appName
295    local appExec
296
297    ## Set variables
298    appName="intune-portal"
299    appExec="/opt/microsoft/intune/bin/intune-portal"
300
301    ## Install Microsoft Edge
302    installMsEdge
303
304    ## Install Microsoft Intune Portal
305    sudo apt-get install intune-portal -y
306
307    ## Create desktop shortcut
308    cat > intunestartup.desktop <<EOF
309[Desktop Entry]
310Name=${appName}
311Exec=${appExec}
312Type=Application
313Terminal=false
314EOF
315
316## Move the desktop file to the appropriate directory
317sudo mv intunestartup.desktop /usr/share/applications/
318
319## Set execution permissions for the desktop file
320sudo chmod +x /usr/share/applications/intunestartup.desktop
321
322## Create a symbolic link in the autostart directory
323sudo ln -s /usr/share/applications/intunestartup.desktop /etc/xdg/autostart/
324}
325#endregion
326
327#endregion
328##*=============================================
329##* END FUNCTION LISTINGS
330##*=============================================
331
332##*=============================================
333##* SCRIPT BODY
334##*=============================================
335#region ScriptBody
336
337## Check if script is running as root
338runAsRoot "$FULL_SCRIPT_NAME"
339
340## Start logging
341startLogging "$LOG_NAME" "$LOG_DIR" "$LOG_HEADER"
342
343## Show script version and suppress terminal output
344echo "Running $SCRIPT_NAME version $SCRIPT_VERSION"
345
346## Check if OS is supported
347checkSupportedOS "$SUPPORTED_OS_MAJOR_VERSION"
348
349## Initializing first repo sync so we get up to date packages
350sudo apt update
351
352## Install Microsoft Signing package
353installMsSigningPackage
354
355## Install Intune Portal app
356installMsIntunePortal
357
358## Workaround to mitigate disk encryption issues
359consoleUser=$(who | awk 'NR==1{print $1}')
360sudo usermod -a -G disk "$consoleUser"
361
362## Reboot to start Intune Company Portal
363sudo reboot
364
365#endregion
366##*=============================================
367##* END SCRIPT BODY
368##*=============================================

SHARE

article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune macOS Onboarding Tool

Onboard macOS devices to Microsoft Intune using a bash script that initiates the process. Optionally, the script converts mobile accounts, resets the FileVault key, and removes ...

See More
article card image dark article card image light

Published by · Jan 23, 2024 tools · 3 mins read

Introducing: Intune Device Renaming Tool

Rename Intune Devices by setting a Prefix or using a User Attribute as Prefix. Supports Windows, macOS, and Linux ...

See More