Intune Linux Runbook
Step-by-step Intune deployment runbook for onboarding managed Linux endpoints to thoth governance.
Use this runbook for Ubuntu or Debian employee workstations managed by Intune.
1. Before you begin
Confirm on target groups:
- onboarding values available (
tenant_id,apex_domain) - Claude Desktop baseline is installed
thoth,node, andnpxare present
2. Deploy the Linux config file
Deploy:
/etc/thoth/thoth-config.json
Ensure the setup script runs only after this file is present.
3. Deploy Linux setup script
Assign your Linux setup script (for example deploy/intune/linux/setup-claude-mcp.sh) to Linux device groups.
Expected script behavior:
- detect logged-in desktop employee
- resolve binaries deterministically
- wrap Claude config at
~/.config/Claude/claude_desktop_config.json - restart Claude Desktop for that employee when needed
4. Validate on pilot endpoint
Also verify:
/etc/thoth/thoth-config.jsonis present and valid JSON~/.config/Claude/claude_desktop_config.jsonis governed- setup logs include successful completion (
/var/log/thoth-setup.log)
5. Rollout pattern
Use staged scope expansion:
- Test Linux group
- Pilot Linux group
- Broad Linux rollout
Troubleshooting
| Symptom | Likely cause | What to check |
|---|---|---|
| Config file missing | Config assignment did not run first | Confirm /etc/thoth/thoth-config.json exists before setup assignment |
| Claude config not updated | Logged-in user detection failed | Check desktop session discovery in setup log |
node or npx missing | Node baseline not deployed | Validate dependency baseline on Linux groups |
| Setup script exits non-zero | Invalid config JSON or missing binary | Validate JSON syntax and resolved binary paths |
| Governance health fails after rollout | Routing values incorrect | Validate tenant_id / apex_domain and endpoint network access |