There have been several new announcements over the last few days regarding EMS, but the one that many have been holding out for is the public preview of the Intune admin experience in the Azure Portal. While we can’t quite lay our Silverlight dependency to rest just yet, it’s getting closer. We’ve had MAM without enrolment in the Azure Portal for quite a while, recently user groups have moved out of Intune groups, and now the new portal preview.

What’s in the preview?

December 2016 (initial release)

  • Deploy and manage apps from a store to iOS, Android, and Windows devices
  • Deploy and manage line of business (LOB) apps to iOS, Android, and Windows devices
  • Deploy and manage volume-purchased apps to iOS, and Windows devices
  • Deploy and manage web apps for Android, iOS, and Windows devices
  • Volume-purchased apps for iOS (business and education)
  • iOS managed app configuration profiles
  • Configure app protection policies, and deploy line of business apps to devices that are not enrolled with Intune
  • VPN profiles, per-app VPN, Wi-Fi, email, and certificate profiles
  • Compliance policies
  • Conditional access for Azure AD
  • Conditional access for On-Premises Exchange
  • Device enrollment
  • Role-based access control

Here are the Intune team’s update for December 2016.

Public preview of the new Intune admin experience on Azure

In early calendar year 2017 we will be migrating our full admin experience onto Azure, allowing for powerful and integrated management of core EMS workflows on a modern service platform that’s extensible using Graph APIs.+

New trial tenants will start to see the public preview of the new admin experience in the Azure portal this month. While in preview state, capabilities and parity with the existing Intune console will be delivered iteratively.+

The admin experience in the Azure portal will use the already announced new grouping and targeting functionality; when your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. In the meantime, if you want to test or look at any of the new functionality until your tenant is migrated, sign up for a new Intune trial account or take a look at the new documentation.+

If you have any questions about the timeline for your tenant’s migration, contact our migration team at

Telecom expense management integration in public preview of Azure portal

We are now beginning to preview integration with third-party telecom expense management (TEM) services within the Azure portal. You can use Intune to enforce limits on domestic and roaming data usage. We are beginning these integrations with Saaswedo.+

New Capabilities

Multi-factor authentication across all platforms

You can now enforce multi-factor authentication (MFA) on a selected group of users when they enroll an iOS, Android, Windows 8.1+, or Windows Phone 8.1+ device from the Azure Management Portal by configuring MFA on the Microsoft Intune Enrollment application in Azure Active Directory.+


Ability to restrict mobile device enrollment

Intune is adding new enrollment restrictions that control which mobile device platforms are allowed to enroll. Intune separates mobile device platforms as iOS, macOS, Android, Windows and Windows Mobile.+

    • Restricting mobile device enrollment does not restrict PC client enrollment.
    • For iOS only, there is one additional option to block the enrollment of personally owned devices.


Intune marks all new devices as personal unless the IT admin takes action to mark them as corporate owned, as explained in this article.+


Multi-Factor Authentication on Enrollment moving to the Azure portal

Previously, admins would go to either the Intune console or the Configuration Manager (earlier than release October 2016) console to set MFA for Intune enrollments. With this updated feature, you will now login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. Learn more about this here.+

Company Portal app for Android now available in China 

We are publishing the Company Portal app for Android for download in China. Due to the absence of Google Play Store in China, Android devices must obtain apps from Chinese app marketplaces. The Company Portal app for Android will be available for download on the following stores:+


The Company Portal app for Android uses Google Play Services to communicate with the Microsoft Intune service. Since Google Play Services are not yet available in China, performing any of the following tasks can take up to 8 hours to complete. +

Intune Admin Console Intune Company Portal app for Android Intune Company Portal Website
Full wipe Remove a remote device Remove device (local and remote)
Selective wipe Reset device Reset device
New or updated app deployments Install available line-of-business apps Device passcode reset
Remote lock
Passcode reset


Firefox to no longer support Silverlight

Mozilla is removing support for Silverlight in version 52 of the Firefox browser, effective March 2017. As a result, you will no longer be able to log in to the existing Intune console using Firefox versions greater than 51. We recommend using Internet Explorer 10 or 11 to access the admin console, or a version of Firefox prior to version 52. Intune’s transition to the Azure portal will allow it to support a number of modern browsers without dependency on Silverlight.+

Removal of Exchange Online mobile inbox policies

Beginning in December, admins will no longer be able to view or configure Exchange Online (EAS) mobile mailbox policies within the Intune console. This change will roll out to all Intune tenants over December and January. All existing policies will stay as configured; for configuring new policies, use the Exchange Management Shell. Find out more information here.+

Intune AV Player, Image Viewer, and PDF Viewer apps are no longer supported on Android

From mid-December 2016 on, users will no longer be able to use the Intune AV Player, Image Viewer, and PDF Viewer apps. These apps have been replaced with the Azure Information Protection app. Find out more about the Azure Information Protection app here.