Compare Azure AD & Intune Conditional Access
Updated: Jul 22, 2018
One of the question I was asked a lot is: what's the difference between Azure AD and Intune Conditional Access.
In fact, in the background, the same conditional access process occurs but when it's time to configure them, some differences are noticeable.
Azure AD Conditional Access
Within Azure AD Conditional Access policies menu, in addition to being able to control your different Conditional Access policies, it's possible to manage additional features as:
Named locations - locations you defined to leverage them within your conditional access policies (as example, if you want to block list of countries/regions, IPs. But also to configure the MFA trusted IPs.
Custom controls - JSON based controls you can defined manually.
Term of use - if your company wants to communicate custom term of use and ask for user acceptance. Filter based on langage can be applied or even ask for the user to expand the whole term of use prior to accepting. It's also possible to filter this acceptance requirement based on Conditional Access policies.
VPN Connectivity - This option let you configure and fine tune the VPN connectivity of your company and how your users access your environment through Azure AD Conditional Access.
Classic policies - you can manage your previous policies (from Azure Classic portal/Intune Classic Portal/Intune App Protection Portal).
Intune Conditional Access
With the Intune Conditional Access blade, the Conditional Access policies are still available - basically, it's a shortcut to the Azure AD policies.
In addition, you have multiple options to control connectivity to Exchange.
Exchange ActiveSync - Here, you can modify the default message received by users who try to access Exchange with a non-compliant device. Furthermore, It will let you manage advanced settings and controls over devices who are not managed by Intune.
Exchange service connector - This section is pretty interesting for hybrid environment. You will be able to start the process to configure a connection between Intune and your Exchange environment. By this, you'll be able to leverage Conditional Access policies you configured within Intune on Azure.
Azure AD Conditional access blade will let you manage the full environment of your policies (configure your allow/block location lists), conditional access over VPN connection and classic policies who came from your previous environment.
Intune Conditional access blade is mainly focus on Intune controls and settings over Exchange (on-premise/Online).