See 2026 UPDATE.

I wish I didn’t have to use this abomination of a software from MicroSlop, but I have to. After spending countless hours (and even more in 2026) I had to document this, at least for my own sake.

Common misconceptions

• There is no need to install openjdk-11-jdk package (not really anymore, see 2026 UPDATE). It is not available in Debian 12 but can be installed from unstabe. Don’t do it, it’s not worth the risk of mixing stable with unstable. Instead you can use msopenjdk-11 package from MicroSlop’s repository (see below) and create a dummy openjdk-11-jre to satisfy the dependency.
• There is no need to install Edge browser, unless you need it for some other reason. Intune does not require it.
• There is no need to fake /etc/os-release file during enrolment (see below), but maybe be needed later for compliance check.

General steps

1. Create and install a dummy openjdk-11-jre package (see 2026 UPDATE).
2. sudo apt install msopenjdk-11 (comes from MicroSlop’s repository, which you added at the previous step).
3. Symlink openjdk-11-jdk to msopenjdk-11:

   ln -s \
     /usr/lib/jvm/msopenjdk-11-amd64 \
     /usr/lib/jvm/java-11-openjdk-amd64
   

4. update-alternatives --config java and select the one that points to msopenjdk-11.
5. Follow Ubuntu 22.04 instructions to install Intune.
6. Finally run intune-portal.

• When running Intune for the first time and clicking “Sign up” it will open a separate second window to enter your corporate email. If this new window is blank, see troubleshooting section below.
• After entering your email, it should open yet another third window (yes, 3 windows total!) to enter your corporate password. If it did not open another window, see troubleshooting section below.
• After authenticating, you should see the last screen with the “Register” button. If you instead see “Get the app” button, see troubleshooting section below.

Troubleshooting

• When clicking “Sign up”, the new window is blank. The content is there but for some reason it fails to render. One workaround is to blindly navigate to the input field. Click the window in the top left corner and press Tab, it should jump to the input field, then type in your corporate email and press Enter. It should open a new window for entering password, which will have its content visible. Another workaround is to run a separate X server with software renderer:

  sudo apt install xserver-xephyr
  Xephyr -ac -br -noreset -screen 1280x1024 :1 &
  # optionaly, run some window manager to be able to change window geometry:
  # DISPLAY=:1 openbox &
  DISPLAY=:1 intune
  

• After entering email there is no separate third window to enter password, instead it asks for password in the same second window. Possible reasons: – No symlink to msopenjdk-11. – Intune fails to create a keyring to store the tokens. See Keyring Troubleshooting.

• You authenticated but it shows “Get the app” button. After clicking the button nothing happens. See the previous step.

• You get error [1001]. This can mean anything (classic MicroSlop) but most likely it one of the following:
  • Too many attempts to enrol, the procedure might be temporarily blocked. Try again later.
  • Still something is wrong with the keyring. See Keyring Troubleshooting.
• If device compliance check asks you to to downgrade to a supported distribution, grab /etc/os-release from Ubuntu 22.04 installation (you may use this one) and keep it updated. Outdated version in os-release may fail the compliance check.

Keyring Troubleshooting

This chapter is also 2026 updated.

To be totally safe, we will create a new keyring setup. You will have to figure out yourself how to merge it later with the old one, or check if someone already commented on it.

1. Install seahorse (unless already installed):

   sudo apt install seahorse
   

2. Move your old keyring setup somewhere else, e.g. rename it to keyrings~:

   mv -v ~/.local/share/keyrings{,~}
   

3. Restart gnome-keyring-daemon (this will also recreate the keyring directory in ~/.local/share/keyrings):

   systemctl --user restart gnome-keyring-daemon.service
   

4. Re-login, to avoid any running application to try access a not-yet-ready keyring.

5. Start seahorse. In the UI click the plus button “+”, then select “Password keyring”, name it “Default”, optionally set the password (previously blank password was fine but I’m 100% sure anymore, check if someone already commented on it), finally click “Create”. Right click the “Default” keyring in the side bar and select “Set as default”.

6. Now start intune-portal and try to enroll again.

2026 UPDATE

Pretty much the old guide still applies with one correction: intune-portal now has a hard dependency on openjdk-11-jre package. Workaround is to create a dummy package:

1. Install equivs:

   sudo apt install equivs
   

2. Create package description template:

   mkdir dummy-openjdk-11-jre
   cd dummy-openjdk-11-jre
   equivs-control openjdk-11-jre
   

3. Edit openjdk-11-jre file and replace all the content with following:

   Package: openjdk-11-jre
   Version: 11.999
   Provides: openjdk-11-jre
   

4. Create a .deb package:

   equivs-build openjdk-11-jre
   

5. Install the newly created package:

   sudo dpkg -i ./openjdk-11-jre_11.999_all.deb
   

Now you can install intune-portal normally.