Comment by ptx

4 days ago

How does this work if the conditional access policies require compliance with Microsoft's "security baseline" which involves e.g. checking that the latest Windows updates are installed?

Presumably the Microsoft software running on the Linux machine will report it as non-compliant and prevent you from logging in?

Microsoft Intune is officially available for Linux. This mechanism doesn't involve making a Linux system pretend it's Windows. It's just about making non-Edge browsers able to authenticate as Edge does.

Microsoft is aware that the authentication is coming from a Linux system, so presumably there are different policies involved.

I don't know how these things are administrated, but the Linux Intune software has a notion of "Compliance" that might involve periodically running some program decided by the company. If Intune decides the system is non-compliant, authentication still works, but Microsoft login knows the compliance status, so it might prevent you from accessing certain applications, depending on what the company has configured.

Also, in my experience, the ability to sign in from Linux can be limited to certain groups, so regular Windows users can't just run Linux without some company approval.