Create the following shell file on your machine and name it intune_device_id.sh:

```sh
#!/bin/sh
# Print the Intune device ID (device_hint) from the user's Intune registration file.
# awk errors (for example, a missing file) are discarded, so the claim is simply empty.
echo $(awk -F' = ' '/^device_hint / {print $2;}' "/home/$USER/.config/intune/registration.toml" 2>/dev/null | tr -d "'")
```

NOTE
This script works on Ubuntu only. Microsoft Intune does not support other Linux distributions. Because of this, set a condition in the AppGate ZTNA admin UI to apply this device claim to Ubuntu devices only (see Condition below).
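A stricter variant of the script above, as an added example (not AppGate's or Microsoft's code): it emits the claim only when device_hint is a single well-formed GUID, so a missing or malformed registration.toml yields an empty claim rather than arbitrary text. The GUID format of device_hint and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the vendor's script.
# Assumption: device_hint holds a GUID (8-4-4-4-12 hexadecimal digits).

# is_guid VALUE: succeed only if VALUE is exactly one well-formed GUID.
is_guid() {
    printf '%s\n' "$1" | grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
}

# read_device_hint FILE: print the validated, lower-cased device_hint.
# Returns 1 and prints nothing when the file is missing or the value is malformed.
read_device_hint() {
    file=$1
    # Missing or unreadable file: no Intune registration for this user.
    [ -f "$file" ] && [ -r "$file" ] || return 1
    # Take the first device_hint assignment; tolerate spacing and either quote style.
    hint=$(awk -F= '/^[ \t]*device_hint[ \t]*=/ {print $2; exit}' "$file" 2>/dev/null |
           tr -d "'\" \t\r")
    is_guid "$hint" || return 1
    # Normalize case so the claim compares consistently in conditions.
    printf '%s\n' "$hint" | tr 'A-F' 'a-f'
}

# emit_claim [FILE]: hypothetical entry point; the default path is the one used above.
emit_claim() {
    read_device_hint "${1:-/home/$USER/.config/intune/registration.toml}" || echo ""
}

emit_claim "$@"
```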
In the AppGate ZTNA admin UI, go to Identity and then Device Claim Scripts.
Click + Add New and fill in the following fields:
Name: linux_intune_id
File: Upload the file intune_device_id.sh
Click Save.
Go to Identity and then Identity Providers.

Select the identity providers you use to authenticate your users. Scroll down to Configure On-demand Device Claims and click + Add.
Fill in the following fields:
| Field | Value |
|---|---|
| Command | Run Device Claim Script |
| Device Claim Script | |
| Arguments | Leave blank |
| Claim Name | |
| Platform | All Linux devices |

Click Done, then click Save.
NOTE
For this device claim to take effect, the end user must log out of the AppGate ZTNA client and log back in.
Condition
This configuration works on Ubuntu only. Microsoft Intune does not support other Linux distributions. Set a condition in the AppGate ZTNA admin UI to apply this device claim to Ubuntu devices only:
Go to Access > Conditions and add a new condition referencing the risk rule you created in ZTP Cloud Console using Microsoft Intune.
Go to Access > Entitlements and add the condition to a new or existing entitlement to restrict access based on risk level.