The folks at Microsoft identity division have just released the preview of Azure AD Conditional Access Policies for devicesm, users and applications in protecting the resource - this includes Office 365!
More details on this new feature in the link below.
So I am currently going through and teaching myself EMS and this article caught my eye as something to keep tabs on. One thing I have noticed that makes EMS so confusing at times is understanding the 5 or 6 different places that you can go in and set policies that sometimes seem to overlap.
For this example, can you help explain how setting this in Azure is different then setting conditional access in Intune?
All configuration settings for Intune will be migrated to the new Azure Portal.
Some new features will already be only be configurable in the new Portal.
So at this moment it is not really different in options, but more where to configure for which service.
Exchange Online/SharePoint Online and some others are supporting Conditional Access since the beginning and are only configurable in Intune. Others like Yammer are just added to support CA and are only configurable in the new Azure Portal. This is not ideal, but has to do with the transferring and i expect "deprecating" the silverlight Intune portal.
The complaince policy still needs to be configured in the Intune Portal.
Recommend looking into this architecture documentation where you have a
good description of the different settings. Intune is device based
polices while Azure AD pivots on the identity and the service being
accessed. With this new feature for device based access control Azure AD
policy can be defined to look for a device, pc that is domain joined,
registered or even compliant. The compliant setting requires that the
device is enrolled and reported as in compliance by Intune.