Enterprise Mobility Suite / Exchange access

For a start, it will be good to know Activesync which I assume you already know, serves different focus compared to InTune. In fact, if you are already using ActiveSync Mailbox Policies to manage mobile devices and Exchange Server is adequately meeting all of your MDM needs, there is probably no reason to use Intune. However, if you are reconsidering MDM, then Windows Intune do contribute better in this aspects like having health alerts for mobile devices and can be used to deliver applications too. Excahnges relies on ActiveSync mailbox policies primarily to secure and apply policy settings to secure and manage mobile devices.

So if Intune is still an option, the focus for the Mobile device management found on the Exchange is taken over by it covering aspects such as
- Enables user-installed software with install line-of-business applications (automates push app)
- Ability to add and remove managed devices, these can be determine by self managed by User
- Support for dynamic membership queries, allows timely apps deployment to specific target device
- Integrated identity federation, like MS ADFS 2.0, allowing federation with on premise AD, thus it  manages distributed assets without having to manage AD accounts for those assets
- Centralized user interfaces for PCs and mobile devices, with a Portal for users to invoke self-service actions such as installing applications and downloading policies.

I suggest you check out this series of article stepping through one use case with Intune supporting conditional access policies for on-premises Exchange Server. It include sharing a walk through of end user experience once they have been blocked from email.
http://blogs.technet.com/b/microsoftintune/archive/2015/10/29/the-new-and-improved-quarantine-experience-in-conditional-access-for-on-premises-exchange-using-microsoft-intune.aspx

Catch also the On-demand Webcasts that covers one area that you may be interested
e.g. How do I make e-mail and Office secure on mobile devices?
e.g. Extend your existing Active Directory to the cloud
https://azureinfo.microsoft.com/EMS-Series-US.html?ls=Social&WT.mc_id=Blog_Intune_General_PCIT

For the reliance of Azure, I will say it is dependent on the option you chose for management e.g.

We can configure and run Intune in two different ways:

Intune stand-alone. As a cloud-based solution, we can use any Silverlight-enabled web browser to manage Intune without any on-premises IT infrastructure (although we can have a DirSync/AADSync on-premises to synchronize user accounts into Azure Active Directory (AD) which Intune uses as we will later see);

Intune with System Center Configuration Manager. Intune can be integrated with System Center 2012 Configuration Manager (SCCM), allowing organizations to manage all of its devices through a single console, the Configuration Manager Admin Console, further extending both Intune’s and SCCM’s management capabilities.

But do note this before confirming the option to take

As a warning, you should consider carefully whether you want to manage mobile devices using Intune only or SCCM with Intune integration. After you set the mobile device management authority to either of these options, it can only be changed again by raising a support case with Microsoft. As such, it is best if you make the right choice first time around.

See more details of the run through configuration for both in http://www.msexchange.org/articles-tutorials/exchange-server-2013/mobility-client-access/intune-and-exchange-activesync-part1.html

Hello thanks for the detailed reply!

A quick question - so reading through,it looks like InTune provides the MDM / MAM functionality, not the connection back to Exchange. Does this mean that we have to publish Activesync externally so the devices can connect?

It's not a solution like Good, Citrix Worx and so on where the Exchange connection is via their own middleware servers?