In FortiClient 6.4.1, compliance depends on EMS and FortiOS. This feature is only available if using FortiClient 6.4.1 with EMS 6.4.1 and FortiOS 6.4.1.
The administrator can define compliance verification rules in EMS based on criteria such as certificates, the logged in domain, files present, OS versions, running processes, and registry keys. When a FortiClient endpoint registers to EMS, EMS dynamically groups the endpoint based on the compliance verification rules. FortiOS can receive the dynamic endpoint groups from EMS and use them to create dynamic firewall policies. The endpoint may be unable to access the network based on the compliance verification rules.
See the FortiClient EMS Administration Guide.