I’m really excited to share the comparison video and post of Intune Silverlight and new Intune in Azure portal. Loads of new features and loads of very useful changes. All the new Azure tenants with new Microsoft EMS subscription will be able to access a preview version of Intune in Azure portal. The performance, look and feel of Azure console is far better than Intune Silverlight console. Intune in azure portal helps us to eliminate loads of duplication works which we need perform in terms of creating groups in Azure AD and Intune groups. In the new portal, we can direct deploy applications, policies, profiles etc… to Azure Active Directory Dynamic device groups and user groups. Enrolment restriction rules and RBA for Intune admins are other most exciting features for me with in the new portal.
Manage Apps node is the place where you can create apps from Android store, Apple store and Windows store. The most exciting feature in Manage apps is that you can directly search Apple App store (Yes, I think for preview we have only option to select US store) and fetch application from there. Hence you don’t need to specify the properties of that app. Deployments in new Azure portal is called as ASSIGHMENTS. You can directly deploy application to AAD groups. One thing missing in the review version of Intune is option to uploads MSI applications.
Configure Device node is the place in new Azure console where you can create configuration policies for iOS, Android for Work, Android and Windows devices. In the Intune Silverlight portal, configuration policies have build-in generic policies for windows, iOS, Android etc…similarly new Intune portal in Azure has build-in profiles. We have different profile types called Device Restriction policies, WiFi profiles, VPN profiles, SCEP deployment profiles, eMail profiles etc… Device restriction policies are nothing but the build-in configuration policies for specific device platform.
Set device compliance is node where you can create new improved compliance policies for all the supported devices like iOS, Android and Windows. The improvement over Silverlight Intune portal is that we can select the device platform explicitly in the compliance policies. Also, depending upon the device platform, the separate compliance policies will get applied to different devices (even if user is targeted to iOS, Android and Windows compliance policies). Deployment of compliance policies are done via assignments in Intune portal.
Conditional Access node in new Intune portal got very less options if you compare it with Intune Silverlight conditional access options. All the device based conditional access rules are moved out of Intune. Now those device based conditional access rules are part of Azure Active Directory. Device based conditional access policy has loads of granular options more conditions, more control options etc…
Enroll Devices node is where you can define enrolment restriction rules. Enrolment restriction rules are the rules which helps to restrict the devices from enrolling into Intune. Enrolment restriction rule comes before conditional access verification. Within enrolment restriction rules, we can have different types of restrictions like Device Type restriction and Device Limit restrictions. Device type restriction is the place where we can select device platforms and platform configurations. Enroll Devices node is the place where you can also define/configure Windows hello for business, check the MDM management authority, Terms and conditions, Corporate device identities and apple MDM push certificates.
Access control is the place where we can define custom security permissions for Administrator users. Role based administrator (RBA) is enabled in new Intune portal where you create your own customized Intune admin roles. Once you created a security role, you can create a new assignment to it and add Members Group and Scope Groups. Following are the permission options available in Intune review portal – Device Configurations, Managed Apps, Managed Devices, Mobile Apps, Organization, Remote tasks, Roles, Telecom Expenses and Terms and conditions.
Conditional Access in Azure Portal – https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal