How to spoof linux_distribution_alloweddistros_item_minimumversion

[MastaG]

Hi there, I'm trying to spoof Ubuntu 20.04. I have my /etc/os-release setup like:

NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

The intune portal tells me my distribution is not supported any longer.

2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}:get_client{capability="LinuxDeviceCheckinService" resource=ResourceId("0000000a-0000-0000-c000-000000000000") endpoint="https://fef.msub05.manage.microsoft.com/TrafficGateway/TrafficRoutingService/LinuxMdm/LinuxDeviceCheckinService/" endpoint="https://fef.msub05.manage.microsoft.com/TrafficGateway/TrafficRoutingService/LinuxMdm/LinuxDeviceCheckinService/"}: Requesting a token silently resource=ResourceId("0000000a-0000-0000-c000-000000000000")
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Exchanging device inventory properties with Intune
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Calculated device properties device=DeviceClientDetails { device_id: "dcffb31d-0ebc-437f-8737-ad47d473807d", device_name: "razerblade15", manufacturer: "Razer", os_distribution: "ubuntu", os_version: "20.04" }
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}:exchange_device_details{device_id=dcffb31d-0ebc-437f-8737-ad47d473807d}: Exchanging device details
2024-06-07 09:48:45  WARN oneauth{tag="9a8hm"}: HTTP status: 404
2024-06-07 09:48:45  WARN oneauth{tag="5fsch"}: Failed to get image from Graph
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Fetching latest policies from Intune
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}:fetch_latest_policies{device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Retrieving latest policy information
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Processing assigned policies policy_count=1
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Processing policy id="e988ae63-7f09-4ed8-830d-5594a245860e" description=""
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Evaluating version check version_string=">=65999.0.0.0"
2024-06-07 09:48:45 ERROR checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Error processing semantic version check expected comma after patch version number, found '.'
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: No version constraint, skipping setting="linux_distribution_alloweddistros_item_maximumversion"
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Reporting status to Intune statuses=[PolicyStatus { policy_id: "e988ae63-7f09-4ed8-830d-5594a245860e", last_status_date_time: "2024-06-07T09:48:45+02:00", details: [SettingStatus { rule_id: "002f8d3b-cce8-48bd-a645-776def59d887", setting_definition_item_id: "linux_distribution_alloweddistros_item_$type", expected_value: "ubuntu", actual_value: "ubuntu", new_compliance_state: Compliant, old_compliance_state: Unknown }, SettingStatus { rule_id: "127cbfe5-a701-4a1e-ab88-38ffe2f06de3", setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "65999.0.0.0", actual_value: "", new_compliance_state: Error, old_compliance_state: Error }, SettingStatus { rule_id: "2585ec5b-fac3-456c-80d5-c2b5a29b794e", setting_definition_item_id: "linux_distribution_alloweddistros_item_maximumversion", expected_value: "", actual_value: "", new_compliance_state: Compliant, old_compliance_state: Unknown }] }]
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}:report_policy_status{device_id=dcffb31d-0ebc-437f-8737-ad47d473807d}: Reporting status information
2024-06-07 09:48:45  INFO checkin{activity_id="ad621274-1094-42ec-8b04-5ce536644ba4"}:run_internal{account_id="83300712-106a-4b71-898a-05250ccf552a" device_id="dcffb31d-0ebc-437f-8737-ad47d473807d"}: Completed device checkin

As you can see, this seems to be the problem: setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "65999.0.0.0", actual_value: "", new_compliance_state: Error, old_compliance_state: Error

How does it fetch: linux_distribution_alloweddistros_item_minimumversion ?

[recolic]

It looks like your intune is broken before reaching this policy.

This is a good enrollment example:

SettingStatus { rule_id: "cad9dd2b-170e-43ee-a55c-7ed355c15abb", setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "20.4", actual_value: "20.4", new_compliance_state: Compliant, old_compliance_state: Unknown }

SettingStatus { rule_id: "3b230b5f-99ec-4b0e-88de-dad4c7cb5b01", setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "8.0", actual_value: "", new_compliance_state: Compliant, old_compliance_state: Compliant }

SettingStatus { rule_id: "8979e6c0-f7d3-4c6d-a3d4-1af9a78dd079", setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "20.04", actual_value: "20.04", new_compliance_state: Compliant, old_compliance_state: Unknown }

SettingStatus { rule_id: "4a67f348-c5d3-4c71-93cb-1d20590a1d33", setting_definition_item_id: "linux_distribution_alloweddistros_item_minimumversion", expected_value: "6.10", actual_value: "", new_compliance_state: Compliant, old_compliance_state: Compliant }

How does it fetch: linux_distribution_alloweddistros_item_minimumversion ?

intune-portal download this policy information from your organization's server.

[recolic]

your policy_id is e988ae63-7f09-4ed8-830d-5594a245860e, different with mine.

Are you a microsoft employee? If not, could you try enrollment on a good ubuntu machine, and save its os-release + lsb_release information?

intune-portal is getting all information from lsb_release and os-release.