ploegert/new_Broker_Install.sh

## new_Broker_Install.sh
# Install Curl
sudo apt install curl

# Install Microsoft's public key
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings
rm microsoft.gpg

# Install the production packages:
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list'

# Install the insiders-fast package
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod insiders-fast main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-insiders-fast.list'

# Install Edge's dev channel repo
sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-edge-stable.list'

sudo apt update

# Install Edge
sudo apt install microsoft-edge-stable

# Install Intune
sudo apt install intune-portal

# instead of restarting the machine like intune asks, just restart the daemons
systemctl --user daemon-reload

# List installed packages & versions
sudo dpkg -l microsoft-identity-broker intune-portal microsoft-edge-stable azure-cli

#  =======================================================
# To support PRMFA (CBA/YubiKey with a PIV), Install Smart Card drivers
# Set up YubiKey
  sudo apt install pcscd yubikey-manager

#Yubikey/Edge Bridge
  sudo apt install opensc libnss3-tools openssl
  mkdir -p $HOME/.pki/nssdb
  chmod 700 $HOME/.pki
  chmod 700 $HOME/.pki/nssdb
  modutil -force -create -dbdir sql:$HOME/.pki/nssdb
  modutil -force -dbdir sql:$HOME/.pki/nssdb -add 'SC Module' -libfile /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so


  # ===================================================
  # PWQuality steps
  #Intune checks the pam_pwquality configuration for enforcement. Install libpam-pwquality, then make sure that password requirements meet the policy:

#sudo apt install libpam-pwquality

# check that the pam_pwquality line in /etc/pam.d/common-password contains at least the required settings:
#password    requisite           pam_pwquality.so retry=3 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=-1 minlen=12

#sudo nano /etc/pam.d/common-password

#password    requisite      pam_pwquality.so retry=3 minlen=12 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
	# Install Curl
	sudo apt install curl

	# Install Microsoft's public key
	curl https://packages.microsoft.com/keys/microsoft.asc \| gpg --dearmor > microsoft.gpg
	sudo install -o root -g root -m 644 microsoft.gpg /usr/share/keyrings
	rm microsoft.gpg

	# Install the production packages:
	sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list'

	# Install the insiders-fast package
	sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod insiders-fast main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-insiders-fast.list'

	# Install Edge's dev channel repo
	sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-edge-stable.list'

	sudo apt update

	# Install Edge
	sudo apt install microsoft-edge-stable

	# Install Intune
	sudo apt install intune-portal

	# instead of restarting the machine like intune asks, just restart the daemons
	systemctl --user daemon-reload

	# List installed packages & versions
	sudo dpkg -l microsoft-identity-broker intune-portal microsoft-edge-stable azure-cli

	# =======================================================
	# To support PRMFA (CBA/YubiKey with a PIV), Install Smart Card drivers
	# Set up YubiKey
	sudo apt install pcscd yubikey-manager

	#Yubikey/Edge Bridge
	sudo apt install opensc libnss3-tools openssl
	mkdir -p $HOME/.pki/nssdb
	chmod 700 $HOME/.pki
	chmod 700 $HOME/.pki/nssdb
	modutil -force -create -dbdir sql:$HOME/.pki/nssdb
	modutil -force -dbdir sql:$HOME/.pki/nssdb -add 'SC Module' -libfile /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so



	# ===================================================
	# PWQuality steps
	#Intune checks the pam_pwquality configuration for enforcement. Install libpam-pwquality, then make sure that password requirements meet the policy:

	#sudo apt install libpam-pwquality

	# check that the pam_pwquality line in /etc/pam.d/common-password contains at least the required settings:
	#password requisite pam_pwquality.so retry=3 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=-1 minlen=12

	#sudo nano /etc/pam.d/common-password

	#password requisite pam_pwquality.so retry=3 minlen=12 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
No results found