I wish I didn’t have to use this abomination of a software from Microsoft, but I have to. After spending countless hours I had to document this in case I have to go through this again.

Common misconceptions:

• There is no need to install openjdk-11-jdk package. It is not available in Debian 12 but can be installed from unstabe. Don’t do it, it’s not worth the risk of mixing stable with unstable. Instead you can use msopenjdk-11 package from Microsoft’s repository (see below).
• There is no need to install Edge browser, unless you need it for some other reason. Intune does not require it.
• There is no need to fake /etc/os-release file during setup (see below).

General steps:

1. Follow Ubuntu 22.04 instructions to install Intune.
2. apt install msopenjdk-11 (comes from Microsoft’s repository, which you added at the previous step).
3. Symlink openjdk-11-jdk to msopenjdk-11:

   ln -s \
     /usr/lib/jvm/msopenjdk-11-amd64 \
     /usr/lib/jvm/java-11-openjdk-amd64
   

4. update-alternatives --config java and select the one that points to msopenjdk-11.
5. Finally run intune-portal.

• When running Intune for the first time and clicking “Sign up” it will open a separate second window to enter your corporate email. If this new window is blank, see troubleshooting section below.
• After entering your email, it should open yet another third window (yes, 3 windows total!) to enter your corporate password. If it did not open another window, see troubleshooting section below.
• After authenticating, you should see the last screen with the “Register” button. If you instead see “Get the app” button, see troubleshooting section below.

Troubleshooting:

1. When clicking “Sign up”, the new window is blank. The content is there but for some reason it fails to render. One workaround is to blindly navigate to the input field. Click the window in the top left corner and press Tab, it should jump to the input field, then type in your corporate email and press Enter. It should open a new window for entering password, which will have its content visible. Another workaround is to run a separate X server with software renderer:

   sudo apt install xserver-xephyr
   Xephyr -ac -br -noreset -screen 1280x1024 :1 &
   # optionaly, run some window manager to be able to change window geometry:
   # DISPLAY=:1 openbox &
   DISPLAY=:1 intune
   

2. After entering email there is no separate third window to enter password, instead it asks for password in the same second window. Possible reasons:
   • No symlink to msopenjdk-11.
   • Intune fails to create a keyring to store the tokens. See below how to use Seahorse to debug this problem.

3. You authenticated but it shows “Get the app” button. After clicking the button nothing happens. See the previous step.

4. You get error [1001]. Most likely you tried too many times to authenticate and the procedure is temporarily blocked. Try again in 10 minutes or later.

5. If device compliance check asks you to to downgrade to a supported distribution (LOL), grab /etc/os-release from Ubuntu 22.04 installation (you may use this one).

To debug the keyring problem, install and run Seahorse (apt install seahorse). Click the + button in the corner and make sure there is a menu item to create “Password keyring”. If there is no such item, happy debugging. Possibly something is wrong with how dbus daemon is launched.