Securing Azure virtual server w/ Intune and CA

IMK 401 Reputation points
2020-02-04T10:13:22.723+00:00

Hi

I have a virtual server resource (Linux server) in Azure. Is it possible to secure access to this Azure resource using Intune's Conditional Access? We have M365B licenses.

If this is not possible, is there any other way to secure an Azure virtual server resource in a similar way, so that access to the virtual server resource would be possible only from chosen devices (AAD Joined devices, for example) without having to use a VPN, or so that secure access is always on for these chosen devices?


2 answers

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-02-05T15:34:26.177+00:00

    Hello IMK-3051,
    No. As my colleague Jagadeesh mentioned above, Intune client support for Linux is not available as yet, and hence you will not be able to use a conditional access policy to restrict it to specific machines using Intune. In case you would like to request this, you can up-vote a similar feature request on the Intune UserVoice forums, which the product group monitors regularly.

    As far as I understand, you would like to restrict access to this VM from Azure AD Joined devices only. You could use device auth to log on once you have joined the Linux machine to Azure Active Directory directly using the Azure AD login VM extension. The extension requires the Linux VM to have around 1 GB of memory, else it will fail to install, hence the Linux VMs have to be chosen carefully for this. The users can then use Azure AD logon to log in to the VM once the extension is configured properly. This is one way that will work for you, and you may not need to use any VPN connectivity in this case.

    Conditional access may not be possible at this point. The above feature is still in preview and has its restrictions, and we would recommend you test it in non-production workloads.

    Once you go through the Linux AAD logon article, you may find that the example provided is for user-based logon; however, you can try using the group-based restriction so that only the users who are part of a group can have access. The nested group concept does not work properly in all scenarios in Azure AD yet, hence every user who can log on to the Linux virtual machine would need to be made a direct member of this group. You can go through the section on configuring role assignments for the Linux VM and use the group instead of the user. So you can create a group in Azure AD and find the objectID of the group from the portal, as shown in the screenshot below.

    [Screenshot: group properties settings]

    az role assignment create --role "Virtual Machine Administrator Login" --assignee $group --scope $vm

    Here the $group variable would store the object id of the group in AD which you found above. Once you have provided the access, you should get it working.

    I have provided relevant links so that it's easier to follow the instructions. I would suggest you go through the links and test this solution in a lab before implementing it in non-critical workloads, as the feature is still in preview and subject to change.

    Hope the details helped. In case the information provided helped, please do mark it as answer so that it can be useful to others searching for similar queries. In case you have any further queries, feel free to let us know and we will try to help you with the same.

    Thank you.

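    As an added example, not code from either answer or from Microsoft: a script that carries out the steps described above (install the AAD login extension, resolve the VM resource id and the group's object id, assign the login role scoped to that one VM) and refuses to run the assignment if the lookup did not return a GUID or the scope is not a single VM. Resource group, VM and group names are placeholders; the extension publisher and name are the preview-era values and, like the `objectId` field name of older az CLI releases, are an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread: enable Azure AD login on one Linux VM
# and grant SSH admin login to one Azure AD group, scoped to that VM only.
# Placeholders: resource group, VM and group names; az CLI assumed logged in.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-rg-placeholder}"
VM_NAME="${VM_NAME:-linux-vm-placeholder}"
GROUP_NAME="${GROUP_NAME:-linux-vm-admins-placeholder}"
ROLE="Virtual Machine Administrator Login"

# Azure AD object ids are GUIDs. An empty lookup result or an error message
# must never reach --assignee, where az would reject it or resolve it wrongly.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Scope must be a single VM resource id: assigning the role at resource-group
# or subscription scope would grant login on every VM underneath it.
is_vm_scope() {
  case "$1" in
    /subscriptions/*/resourceGroups/*/providers/Microsoft.Compute/virtualMachines/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the assignment command the answer shows, after validating both inputs.
role_assignment_cmd() {
  is_guid "$1"     || { echo "refusing non-GUID assignee: $1" >&2; return 1; }
  is_vm_scope "$2" || { echo "refusing non-VM scope: $2" >&2; return 1; }
  printf 'az role assignment create --role "%s" --assignee %s --scope %s\n' "$ROLE" "$1" "$2"
}

apply() {
  # 1. Install the AAD login extension (the VM needs about 1 GB RAM, per the answer).
  az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux --resource-group "$RESOURCE_GROUP" --vm-name "$VM_NAME"
  # 2. Resolve the VM resource id and the group object id. Nested groups are not
  #    honoured, so every permitted user must be a direct member of this group.
  #    (Older az CLI exposes the id as objectId; current releases call it id.)
  vm_id=$(az vm show --resource-group "$RESOURCE_GROUP" --name "$VM_NAME" --query id -o tsv)
  group_id=$(az ad group show --group "$GROUP_NAME" --query objectId -o tsv)
  # 3. Validate, assign, then read the assignment back as a check.
  role_assignment_cmd "$group_id" "$vm_id" >/dev/null
  az role assignment create --role "$ROLE" --assignee "$group_id" --scope "$vm_id"
  az role assignment list --assignee "$group_id" --scope "$vm_id" -o table
}
# Only touch Azure when asked explicitly; running without --apply just defines helpers.
if [ "${1:-}" = "--apply" ]; then apply; fi
```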

  2. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-02-05T15:37:02.777+00:00

    @IMK, the only available way is to implement AAD login for Azure Linux VMs. You can read more about that here. Once you enable the VM extension on the Azure Linux VM (following the steps mentioned in that article), you would be able to implement MFA for users using Conditional Access Policies while they log in to the Azure Linux VM.

    Through Intune you cannot manage the Azure Linux VMs yet.

    Hope this helps. If the above response helped in answering your query, please do mark the response as Answer, so that it helps others too.
