Securing Azure virtual server w/ Intune and CA

IMK 421 Reputation points


I have a virtual server resource (Linux server) in Azure, is it possible to secure access to this Azure recourse using Intune's Conditional Access? We have M365B licenses.

If this is not possible, is there any other way to secure Azure virtual server resource in a similar way so that access to the virtual server resource would be possible only from chosen devices (AAD Joined devices for example) without having to use VPN or so that secure access is always on for these chosen devices?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,411 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,190 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee

    Hello IMK-3051,
    No As my colleague Jagadeesh mentioned above , Intune client support for linux is not available as yet and hence you will not be able to use conditional access policy to restrict it to specific machines using intune. In case you would like to requests this, You can up-vote a similar feature request on the Intune uservoice forums which product group monitors regularly.

    As far as I understand you would like to restrict access to this VMs from Azure AD Joined devices only. You could use device auth to logon once you have joined the linux machine to the Azure Active Directory directly using Azure AD login VM extension. The extension requires the linux VM to have around 1GB of memory else it will fail to install hence the Linux VMs have to be chosen carefully for this. The users can then use Azure AD logon to login to the VM once Extension is configured properly. This is one way that will work for you and you may not need to use any VPN connectivity in this case.

    Conditional access may not be possible at this point . the above feature is still in preview and have its restrictions and we would recommend you to test it in non-production workloads.

    Once you go through the linux AAD logon article . You may find that the example provided is for user based logon however you can try using the group based restriction so that only the users who are part of a group can have access. Nested group concept does not work properly in all scenarios in Azure AD yet hence every user would need to be made direct member of this group who can logon to the Linux virtual machine. You can go through the section for configuring role assignments for the linux VM and you can use the group instead of the user. So you can create a group in Azure AD and find the objectID of the group from the portal as shown in Screenshot below.


    az role assignment create --role "Virtual Machine Administrator Login" --assignee $group --scope $vm  

    Here the $group variable would store the object id of the group on AD which you have found above. Once you have provided the access you should get it working.

    I have provided relevant links so that its easier to follow the instructions. I would suggest you to go through the links and test this solution in a lab before implementing it in non-critical workloads as the feature is still in preview and subject to change.

    Hope the details helped. In case the information provided helped , please do mark it as answer so that it can be useful to others searching for similar queries. In case you have any further queries , feel free to let us know and we will try to help you with the same.

    Thank you.

    0 comments No comments

  2. soumi-MSFT 11,756 Reputation points Microsoft Employee

    @IMK , The only available way is to implement AAD login for Azure Linux VMs. You can read more about that here. Once you enable the VM extension on the Azure Linux VM (following the steps mentioned in that article), you would be able to implement MFA for users using Conditional Access Policies while they login to the Azure Linux VM.

    Through Intune you cannot manage the Azure Linux VMs yet.

    Hope this helps. If the above response helped in answering your query, please do mark the response as Answer, so that it helps others too.

    0 comments No comments