Quick Overview Comparison between Intune Azure and Silverlight Portal? I’m really excited to share the comparison video and post of Intune Silverlight and the new Intune in MEM portal.
Loads of new features and loads of very useful changes. All the new Azure tenants with a new Microsoft EMS subscription will be able to access a preview version of Intune in the MEM portal.
The performance, look and feel of Intune console is far better than Intune Silverlight console. Intune in MEM portal helps us to eliminate loads of duplication works which we need to perform in terms of creating groups in Azure AD and Intune groups.
In the new portal, we can direct deploy applications, policies, profiles, etc… to Azure Active Directory Dynamic device groups and user groups. Enrolment restriction rules and RBA for Intune admins are other most exciting features for me within the new portal.
Manage Apps node is the place where you can create apps from the Android store, Apple Store, and Windows store. The most exciting feature in Manage apps is that you can directly search the Apple App store (Yes, I think for preview we have only the option to select US store) and fetch the application from there.
Hence you don’t need to specify the properties of that app. Deployments in the new MEM portal are called ASSIGNMENTS. You can directly deploy applications to AAD groups. One thing missing in the review version of Intune is an option to uploads MSI applications.
Configure Device node is the place in new Azure console where you can create configuration policies for iOS, Android for Work, Android and Windows devices. In the Intune Silverlight portal, configuration policies have build-in generic policies for windows, iOS, Android etc…similarly new Intune portal in Azure has build-in profiles.
We have different profile types called Device Restriction policies, WiFi profiles, VPN profiles, SCEP deployment profiles, eMail profiles etc… Device restriction policies are nothing but the build-in configuration policies for specific device platform.
Set device compliance is the node where you can create new improved compliance policies for all the supported devices like iOS, Android, and Windows. The improvement over the Silverlight Intune portal is that we can select the device platform explicitly in the compliance policies.
Also, depending upon the device platform, the separate compliance policies will get applied to different devices (even if a user is targeted to iOS, Android, and Windows compliance policies). Deployment of compliance policies is done via assignments in Intune portal.
Conditional Access node in new Intune portal got very less options if you compare it with Intune Silverlight conditional access options. All the device based conditional access rules are moved out of Intune. Now those device based conditional access rules are part of Azure Active Directory. Device based conditional access policy has loads of granular options more conditions, more control options etc…
Enroll Devices node is where you can define enrolment restriction rules. Enrolment restriction rules are the rules which help to restrict the devices from enrolling into Intune. The enrolment restriction rule comes before conditional access verification. Within enrolment restriction rules, we can have different types of restrictions like Device Type restriction and Device Limit restrictions.
Device type restriction is the place where we can select device platforms and platform configurations. Enroll Devices node is the place where you can also define/configure Windows Hello for business, check the MDM management authority, Terms and conditions, Corporate device identities, and apple MDM push certificates.
Access control is the place where we can define custom security permissions for Administrator users. Role based administrator (RBA) is enabled in new Intune portal where you create your own customized Intune admin roles.
Once you created a security role, you can create a new assignment to it and add Members Group and Scope Groups. Following are the permission options available in Intune review portal – Device Configurations, Managed Apps, Managed Devices, Mobile Apps, Organization, Remote tasks, Roles, Telecom Expenses and Terms and conditions.
Reference doc – https://docs.microsoft.com/en-us/intune-azure/introduction/what-is-microsoft-intune
Conditional Access in Azure Portal – https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal