Intune/ EMS license required for Service Admins or Intune Admins
Heads up! Microsoft Intune requires all service admins (also known as Intune Admins) to have an Intune or Enterprise Mobility Suite (EMS) license assigned to them in order to access the Intune company portal.
Global Admin is a concept of Azure AD, not Intune. By default, only the tenant admin who created the Intune subscription has Global Admin role. While this account can do everything in Intune, it is not a best practice using this account to do common management tasks including upload apps. You should assign a service administrator account instead. According to the docs states, a service administrator account requires a Intune (or EMS) license to access the admin console but a tenant admin does not require.
As a best practice, do not use a global administrator for day-to-day management tasks. While a global administrator does not require an Intune license to access the Intune on Azure portal, in order to perform certain management tasks, such as setting up the Exchange service Connector, an Intune license is required.
I have tested a couple of scenarios in my multiple Intune subscriptions, the following are the results or key takeaways:
All Service Admins requires an Intune/ EMS license in order to access the new Intune portal (portal.azure.com)
Global Administrators do not require a license for basic management and configuration. However, they too require a license for creating service connectors or deploying applications on the new portal.
Intune Role based access can be used now for assigning granular level permissions to the admins on the Intune portal, however a license is mandatory.
To access the Office 365 portal, your account must have a Sign-in allowed set. In the Azure portal under Profile, set Block sign in to No to allow access. This status is different from having a license to the subscription. By default, all user accounts are Allowed. Users without administrator permissions can use the Office 365 portal to reset Intune passwords.