Use custom Bash scripts to configure Linux devices in Microsoft Intune


Custom configuration profiles shouldn't be used for sensitive information, such as WiFi connections or authenticating apps, sites, and more.

Using Microsoft Intune, you can add or create custom configuration settings for your Linux devices using custom Bash scripts. They're designed to add device settings and features that aren't built in to Intune.

In Intune, you import an existing Bash script, and then assign the script policy to your Linux users and devices. Once assigned, the settings are distributed. They also create a baseline or standard for Linux in your organization.

This article lists the steps to add an existing script and links to a GitHub repo with some sample scripts.


Import the script

  1. Sign in to the Microsoft Intune admin center.

  2. Select Devices > Scripts > Add > Linux:


  3. In Basics, enter the following properties:

    • Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later.
    • Description: Enter a description for the policy. This setting is optional, but recommended.

  4. Select Next.

  5. In Configuration settings, configure the following settings:

    • Execution context: Select the context the script is executed in. Your options:

      • User (default): When a user signs in to the device, the script runs. If a user never signs into the device, or there isn't any user affinity, then the script doesn't run.
      • Root: The script always runs (with or without users logged in) at the device level.
    • Execution frequency: Select how frequently the script is executed. The default is Every 15 minutes.

    • Execution retries: If the script fails, enter how many times Intune should retry running the script. The default is No retries.

    • Execution Script: Select the file picker to upload an existing Bash script. Only add .sh files.

      Microsoft has some sample Bash scripts at

    • Bash Script: After you add an existing Bash script, the script text is shown. You can edit this script.

  6. Select Next.

  7. In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.

    Select Next.

  8. In Assignments, select the users or groups that will receive your profile. For more information on assigning profiles, see Assign user and device profiles.

    Select Next.

  9. In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
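
A script uploaded this way runs again at every Execution frequency interval, so it should change nothing when the device is already compliant, and it should report failure so that Execution retries can apply. The following is an added example, not one of Microsoft's samples: the file path, directive name and value are hypothetical, and it assumes a non-zero exit status is what counts as a failed run.

```bash
#!/bin/bash
# Added example: idempotent enforcement script for upload as the Execution Script.
# TARGET, KEY and VALUE are hypothetical. Keep secrets out of this file.
set -u

TARGET=/etc/example-agent/agent.conf   # hypothetical config file
KEY=AllowRemoteShell                   # hypothetical directive
VALUE=no

# ensure_setting FILE KEY VALUE
# Leaves FILE with exactly one active "KEY VALUE" line. KEY must be a plain
# word (it is used inside a regex). Returns 0 when compliant, non-zero on error.
ensure_setting() {
    local file=$1 key=$2 value=$3 tmp
    local pattern="^[[:space:]]*${key}([[:space:]]|\$)"
    [ -f "$file" ] && [ -w "$file" ] || return 2

    # Fast path for the scheduled re-runs: already compliant, write nothing.
    if [ "$(grep -cE "$pattern" "$file")" -eq 1 ] &&
       grep -qxF "${key} ${value}" "$file"; then
        return 0
    fi

    tmp=$(mktemp) || return 3
    # Drop every active line for KEY (grep exits 1 if nothing is left: fine).
    grep -vE "$pattern" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 3; }
    printf '%s %s\n' "$key" "$value" >> "$tmp" || { rm -f "$tmp"; return 3; }
    # Overwrite in place so the owner and mode of FILE are preserved.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 4; }
    rm -f "$tmp"
}

main() {
    local rc
    # Policy choice: if the agent is not installed there is nothing to enforce.
    if [ ! -e "$TARGET" ]; then
        echo "skip: $TARGET not present"
        return 0
    fi
    ensure_setting "$TARGET" "$KEY" "$VALUE" || {
        rc=$?
        echo "error: could not enforce $KEY in $TARGET (rc=$rc)" >&2
        return "$rc"
    }
    echo "ok: $KEY $VALUE"
}

main   # last command: its status becomes the script's exit status
```

Writing to a file under /etc requires the Root execution context; in the User context `ensure_setting` returns 2 for an unwritable file and the run is reported as failed.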

Next steps

You can also run shell scripts on macOS and Windows.