HOWTO Microsoft Intune
Microsoft Intune App
The release of the Microsoft Intune Agent for IGEL OS provides visibility of IGEL OS devices within the Intune console, giving admins a single place to track assets and apply security checks and policies.
The Microsoft Intune Agent for IGEL OS allows registering the IGEL OS device in Entra ID, running Device Compliance checks and, based on the compliance checks, applying conditional access policies to Azure Virtual Desktop and Windows 365. Optionally, running the Microsoft Edge browser (also available now in the IGEL App Portal) allows device compliance checks and conditional access policies for Microsoft 365 SaaS apps.
Out of the box, Device Compliance policies can be applied to IGEL OS endpoints based on the following conditions:
- OS Type
- OS Min Version
- OS Max Version
Need a more granular approach? No problem, there is an option to create custom scripts to really apply granular device compliance controls on IGEL OS.
NOTE:
- The AVD client can be targeted for conditional access compliance. For this to work, the AVD client must be configured to use the Microsoft Authentication Library (MSAL) setting. This setting is found under Advanced Options for the respective session.
IGEL BLOG: Microsoft Intune on IGEL App Portal – Custom Compliance Scripts for Entra Conditional Access with IGEL OS
NOTE: Content based on post by Fredrik Brattstig @virtualbrat
The Microsoft Intune Agent is now available in the IGEL App Portal, joining the Microsoft Edge app and the IGEL AVD app. The Intune Conditional Access app enables Entra conditional access capabilities with IGEL OS 12 to control access to Azure Virtual Desktop and Windows 365. It provides visibility of IGEL OS devices within the Intune console giving admins a single place to track assets and apply security checks and policies.
By using this method we know that:
- The device has to be enrolled in the company Intune (a trusted user needs to enroll the device)
- The device has to be managed by the company UMS (we determine that it is not a random Intune-enrolled device; it is a device that is managed by the company UMS)
- Compliance script that checks that the device's assigned UMS certificate has a certain SHA-256 fingerprint
- Compliance policy setting in Intune admin portal
NOTE: Replace the Operand string with your ums_fingerprint_sha256 value.
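The fingerprint check described above can be expressed as the following shell code. It is an added example, not the script from the original post or from IGEL. The function names, the `UMS_CERT` variable and the sample file are assumptions, and the page does not give the path of the UMS certificate on the device.

```shell
#!/bin/sh
# Added example: discovery logic for the UMS certificate fingerprint check.
# UMS_CERT, the function names and the sample file are assumptions; set
# UMS_CERT to the device's UMS certificate path (not given on the page).

# Print the SHA-256 of the first PEM certificate's DER bytes as lowercase hex
# without colons. Prints nothing if the file is missing or not decodable.
cert_sha256_fingerprint() {
    [ -r "$1" ] || return 0
    der_b64=$(awk '/-----BEGIN CERTIFICATE-----/ {f=1; next}
                   /-----END CERTIFICATE-----/ {exit}
                   f' "$1" | tr -d ' \r\n')
    [ -n "$der_b64" ] || return 0
    # Validate the base64 first so garbage never yields a hash of partial data.
    printf '%s' "$der_b64" | base64 -d >/dev/null 2>&1 || return 0
    printf '%s' "$der_b64" | base64 -d | sha256sum | cut -d' ' -f1
}

# JSON written to stdout: the setting name the policy evaluates, and its value.
discovery_json() {
    printf '{"ums_fingerprint_sha256":"%s"}\n' "$(cert_sha256_fingerprint "$1")"
}

# Local mirror of the policy rule as an exact string match against the Operand.
# An empty fingerprint never matches, so a device without the cert fails.
is_compliant() {
    actual=$(cert_sha256_fingerprint "$1")
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Constructed sample input: a PEM wrapper around the three bytes "abc",
# standing in for DER data. It is not a real certificate.
SAMPLE_CERT=$(mktemp)
trap 'rm -f "$SAMPLE_CERT"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' \
    '-----END CERTIFICATE-----' > "$SAMPLE_CERT"

# On a device, UMS_CERT points at the real certificate; otherwise use the sample.
discovery_json "${UMS_CERT:-$SAMPLE_CERT}"
```

Because the helper compares exact strings, enter the Operand in the same lowercase, colon-free form the script emits.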