Portal works well for what you want with the exception of fully public maps.
But that's what AGOL is for.
To let all users inside your firewalls access maps, you just share them to everyone and make sure you have anonymous access allowed. Of course, any user inside your firewall should already be authenticated on your network. And the general public shouldn't be allowed inside your firewalls so the term "everyone" on a Portal means everyone in the company.
This get trickier if you really want to publish public maps for the general population.
Your best bet is to publish those maps to AGOL. Again, published to everyone with anon access allowed.
And in this case, you're really publishing to everyone.
If you're going to allow the general public inside your firewalls, chances are you're going to be up against it with your IT guys. It would mean punching a hole in your firewalls that would destroy your security.
I understand that you can do this by standing up a Portal out in a DMZ zone. Then you have to deal with proxies, etc in order to securely communicate with your internal Portal. This is not a trivial setup.
Without a really compelling reason, it seems to me that AGOL is the obvious solution for any public facing maps.
I have a hard time even thinking up a scenario where I'd want to publish for the general public and not do it on AGOL.
Especially with the new 10.5.1 communication methods across Portals, AGOL, etc...
Best of luck, hope this helped some.
-Paul