Fix Microsoft Identity Broker Memory Leak on Ubuntu - Automated Setup Script

setup-microsoft-intune.sh

#!/usr/bin/env bash
set -e

export DEBIAN_FRONTEND=noninteractive
DISTRIBUTION="${1:-insiders-fast}"

# Check and install dependencies
check_dependencies() {
    local missing=()
    command -v curl >/dev/null 2>&1 || missing+=("curl")
    command -v gpg >/dev/null 2>&1 || missing+=("gpg")
    command -v lsb_release >/dev/null 2>&1 || missing+=("lsb-release")

    if [[ ${#missing[@]} -gt 0 ]]; then
        echo "Installing missing dependencies: ${missing[*]}"
        apt-get update -qq
        apt-get install -y "${missing[@]}"
    fi
}

show_microsoft_ubuntu_channels() {
    local release="$1"
    local channel="$2"
    local base_url="https://packages.microsoft.com/ubuntu"

    if [[ -z "$release" ]]; then
        return 1
    fi

    # If channel is provided, validate and print the URL
    if [[ -n "$channel" ]]; then
        local validate_url="${base_url}/${release}/prod/dists/${channel}/main/"
        local html

        if ! html=$(curl -fsSL "$validate_url"); then
            echo "Error: Failed to fetch $validate_url" >&2
            return 1
        fi

        # Check if the page contains links (has <a href tags)
        if ! grep -q '<a href=' <<< "$html"; then
            echo "Error: No valid content found at $validate_url" >&2
            return 1
        fi

        printf "https://packages.microsoft.com/ubuntu/%s/prod %s main\n" "$release" "$channel"
        return 0
    fi

    # List channels for the release
    local dist_url="${base_url}/${release}/prod/dists/"
    local channels_html

    if ! channels_html=$(curl -fsSL "$dist_url"); then
        echo "Error: Failed to fetch $dist_url" >&2
        return 1
    fi

    # Parse channel names and output as newline-delimited list
    printf '%s\n' "$channels_html" | \
        grep -oP '<a href="[^.][^/]+/">[^<]+/</a>' | \
        sed -E 's|<a href="([^"]+)/">.*|\1|' | \
        grep -v '^\.\.$' | \
        sort

    return 0
}

check_dependencies

# Determine Ubuntu version
UBUNTU_VERSION=$(lsb_release -rs)

echo "Detected Ubuntu $UBUNTU_VERSION"

# Show available distributions if requested or if distribution invalid
if [[ "$DISTRIBUTION" == "list" ]] || [[ "$DISTRIBUTION" == "--list" ]]; then
    echo "Available distributions for Ubuntu $UBUNTU_VERSION:"
    show_microsoft_ubuntu_channels "$UBUNTU_VERSION"
    exit 0
fi

# Validate the distribution exists
echo "Validating distribution: $DISTRIBUTION"
if ! REPO_LINE=$(show_microsoft_ubuntu_channels "$UBUNTU_VERSION" "$DISTRIBUTION"); then
    echo "Error: Distribution '$DISTRIBUTION' not found for Ubuntu $UBUNTU_VERSION"
    echo ""
    echo "Available distributions:"
    show_microsoft_ubuntu_channels "$UBUNTU_VERSION"
    exit 1
fi

echo "Using repository: $REPO_LINE"

# Install GPG key
if [[ ! -f /usr/share/keyrings/microsoft.gpg ]]; then
    echo "Installing Microsoft GPG key..."
    curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /tmp/microsoft.gpg
    install -o root -g root -m 644 /tmp/microsoft.gpg /usr/share/keyrings/microsoft.gpg
    rm /tmp/microsoft.gpg
fi

# Add/update repository
UBUNTU_CODENAME=$(lsb_release -cs)
echo "Configuring repository..."
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] $REPO_LINE" \
    > /etc/apt/sources.list.d/microsoft-ubuntu-${UBUNTU_CODENAME}-prod.list

# Update and install/upgrade
echo "Updating package lists..."
apt-get update -y -qq

echo "Installing/upgrading intune-portal..."
apt-get install -y intune-portal

echo ""
echo "Setup complete for distribution: $DISTRIBUTION"
echo ""
echo "Installed packages:"
dpkg -s intune-portal | grep -E '^(Package|Version|Status):'
dpkg -s microsoft-identity-broker | grep -E '^(Package|Version|Status):'

Microsoft Identity Broker Memory Leak Fix for Ubuntu

Issue

Microsoft Identity Broker version 2.0.1 (installed via the official stable channel) has a severe memory leak on Linux, consuming 8GB+ RAM and causing OOM (Out Of Memory) killer to terminate active applications.

References

• Memory Leak Report: https://learn.microsoft.com/en-us/answers/questions/2243704/microsoft-identity-broker-memory-leak-on-linux
• Official Installation Guide: https://learn.microsoft.com/en-us/intune/intune-service/user-help/microsoft-intune-app-linux
• Microsoft Ubuntu Repository: https://packages.microsoft.com/ubuntu/24.04/prod/dists/

The Fix

Upgrade to microsoft-identity-broker 2.0.2+ from the insiders-fast channel. Version 2.0.3 removes the Java-based implementation, reducing memory usage from ~8GB to ~8MB.

How This Script Works

1. Auto-installs prerequisites: curl, gpg, lsb-release
2. Validates distribution channels: Checks against Microsoft's live repository to ensure the channel exists
3. Configures apt repository: Creates/updates /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list
4. Installs/upgrades packages: Uses apt-get install intune-portal which pulls in microsoft-identity-broker as a dependency
5. Shows installed versions: Displays both intune-portal and microsoft-identity-broker package versions

Usage

# Default: Install/upgrade to insiders-fast (fixed version 2.0.3)
sudo ./setup-microsoft-intune.sh

# Install Microsoft's official stable version (has memory leak)
sudo ./setup-microsoft-intune.sh noble

# Upgrade from stable to insiders-fast (recommended)
sudo ./setup-microsoft-intune.sh insiders-fast

List available distribution channels

  ./setup-microsoft-intune.sh list

Tested On

• Ubuntu 24.04 LTS (Noble Numbat)
• Works with both fresh installations and upgrades from 2.0.1 → 2.0.3