First published on TechNet on Oct 02, 2018
If you are an existing Intune customer, you may already be enforcing acceptance of your company terms using Intune’s Terms and Conditions feature. We are excited to provide you with a new option built upon Conditional Access that includes richer compliance controls. Azure Active Directory (Azure AD) has built their
to enable enforcement of company terms across Intune and other Microsoft services. With Azure AD, you have the flexibility of adding terms enforcement to your existing Conditional Access policies or creating new terms policies based on certain user flows. We’ve put together some FAQs that will help you understand this feature better.
Providing localized terms to end users
In Intune, admins can create multiple terms using localized text and then target those profiles to the groups of users that are thought to speak that language. The accuracy of the language shown will depend on how cleanly your user groups straddle spoken languages. In Azure AD, admins can create a single profile and attach multiple localized PDF files along with the designated language of each file. End users will then be shown the correct PDF based on the localization settings of their device. Devices in languages not configured with its own localized PDF will fall back to the language listed on top.
Adding branding and other images to company terms
Intune terms are text based and thus do not support adding company logos or other images. Azure AD terms render PDF files and thus have a much richer experience that allows for color, branding, images and hyperlink support.
Providing terms for non-enrollment scenarios
In Intune, terms are shown during device enrollment as well as inside the Company Portal for an already enrolled device. In Azure AD, you can choose to have your terms shown in other places and for more scenarios. Admins might still want a single variation of terms, but they wish to target it more widely to better catch their end users. Alternatively, some admins may choose to show different terms based on the application. For instance, admins may choose to target enrollment with specific terms relevant to their control of devices but target Office resources with a different set governing use of company resources. These Office relevant terms would then be prompted even for devices that never enroll. Because Azure AD terms sits on top of Conditional Access, you have the same level of flexibility in choosing which applications or resources will trigger the company terms.
Providing more granular compliance for acceptance of company terms
Certain regions need to separate terms and require unique acceptance of each. Azure AD has built support for this behavior. Some regions or industries require terms to be accepted on every device for the user or on every access of company resources. Azure AD is currently working to build these capabilities.
Intune Terms and Conditions:
How do I migrate my terms over?
Check out the
documentation on how to set up your terms profiles. Keep in mind that Intune and Azure AD terms are utilizing different infrastructures. So, if you decide to create terms inside Azure AD, remember to turn off the terms in Intune unless you want users to see both! Also, remember that when you switch, your end users will see the newly created Azure AD terms even if the content has not changed from what you had shown during Intune enrollment. If this concerns you, you may decide to wait until the next time you would have otherwise needed to update your company terms.
What's in the future for Intune terms and conditions?