Semi-Protected devices

Linux Enrollment Guide

This guide explains how to enroll your Linux device into semi-protected mode.

Currently supported systems are:

  • Ubuntu LTS: 22.04, 24.04 (23.04 is supported with additional manual steps)
  • Kubuntu LTS: 22.04, 24.04
  • Linux Mint LTS versions

If you are not sure how to proceed, or something does not work as expected, please contact Helpdesk. Our team can guide you through the process.

1. Connect to VPN

Before starting enrollment, ensure your device is connected to the unmanaged VPN.
This connection is required so that Microsoft Intune can communicate with our company systems during the enrollment process. Follow this guide to set up FortiClient VPN on a Linux device.

2. Run Enrollment Script

The enrollment process is automated through a script that installs all required components.
Open a terminal and run the following command:

curl -fsSL https://4financemacos.blob.core.windows.net/public/semi-protected-devices/enroll.sh | sudo bash

If curl is not installed, you can use wget:

wget -qO- https://4financemacos.blob.core.windows.net/public/semi-protected-devices/enroll.sh | sudo bash

The script will:

  • Detect your Linux distribution and version
  • Install Microsoft Edge
  • Install Microsoft Intune Portal
  • Install Microsoft Identity Broker (required for secure login)

You will be prompted to enter your password to allow package installation. The process may take several minutes, depending on network speed.
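The commands above run the downloaded script as root without saving it. The following pre-flight helper is an added example, not part of enroll.sh or of the original guide: it checks /etc/os-release against the supported list above and saves the script to a file so it can be read before it runs. The file name preflight.sh, the function names and the exit codes are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added pre-flight helper; not part of enroll.sh.
URL="https://4financemacos.blob.core.windows.net/public/semi-protected-devices/enroll.sh"

# Check an os-release file (default /etc/os-release) against the supported
# list in this guide. Exit codes (chosen for this example):
#   0 supported, 1 needs manual confirmation, 2 unsupported, 3 unreadable.
os_supported() {
    local file="${1:-/etc/os-release}"
    local id ver
    [ -r "$file" ] || { echo "unreadable: $file"; return 3; }
    # Read only the two keys needed; the file is parsed, never sourced.
    id=$(sed -n 's/^ID=//p' "$file" | tr -d '"' | head -n 1)
    ver=$(sed -n 's/^VERSION_ID=//p' "$file" | tr -d '"' | head -n 1)
    case "$id:$ver" in
        # Kubuntu ships Ubuntu's os-release, so it also reports ID=ubuntu.
        ubuntu:22.04|ubuntu:24.04) echo "supported: $id $ver" ;;
        ubuntu:23.04) echo "manual-steps: $id $ver"; return 1 ;;
        # os-release does not say whether a Mint release is LTS.
        linuxmint:*) echo "confirm-lts: $id $ver"; return 1 ;;
        *) echo "unsupported: $id $ver"; return 2 ;;
    esac
}

# Save the script to a file rather than piping it into sudo bash, so the
# bytes that will run as root can be read and hashed first.
fetch_enroll_script() {
    local out="${1:-./enroll.sh}"
    curl -fsSL -o "$out" "$URL" || return 1
    sha256sum "$out"
}

# Runs only when called as: bash preflight.sh --preflight
if [ "${1:-}" = "--preflight" ]; then
    os_supported && fetch_enroll_script ./enroll.sh &&
        echo "Read ./enroll.sh, then run: sudo bash ./enroll.sh"
fi
```

The printed SHA-256 value can be quoted to Helpdesk if the script behaves unexpectedly, so both sides are talking about the same file.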

3. Reboot Your Device

When installation finishes, your system will automatically reboot within 2 minutes.
You can press Enter to restart immediately.

4. Complete Intune Enrollment

After reboot, follow these steps:

  1. Make sure you are still connected to the unmanaged VPN.
  2. Open the application called Microsoft Intune.
  3. Sign in with your 4finance email address and password.
  4. If prompted, confirm your login with MFA.
  5. Click Begin to start the enrollment process.
  6. Intune will verify that your device meets compliance requirements (disk encryption, password policy).
  7. If required, enter your Linux account password during the process.
  8. If your device does not meet the requirements (e.g., missing encryption or weak password), Intune will mark it as non-compliant. Follow the instructions provided to resolve the issue.
    1. Disk encryption: Manual disk encryption may be attempted, but in most cases a full reinstall of the operating system with encryption enabled during installation is the preferred and more reliable solution.
    2. Password policy: Update your password if required and refresh your device status in Intune.
  9. Once your device is marked as compliant, enrollment is complete.

5. Troubleshooting

  • If Intune login fails, reboot your device and try again.
  • If your device remains non-compliant after enrollment, wait a few minutes and refresh the status. If the issue continues, take a screenshot and contact Helpdesk.

6. Done

Enrollment complete. Your Linux device is now secured in semi-protected mode.

Support

If you experience issues during or after enrollment:

  • Contact Helpdesk for assistance