7.2.0

Configuring Microsoft Intune integration to allow FortiClient (Android) to connect to EMS

Intune integration allows FortiClient endpoints to connect to EMS.

To configure integration between Microsoft Intune and FortiClient (Android):
  1. In Microsoft Intune, go to Users > All users and select New user. Configure the user as desired. Click Create.

  2. Select the user that you created, then go to license.
  3. Under Select licenses, select Enterprise Mobility + Security E3. Under Enterprise Mobility + Security E3, enable Microsoft Intune. Enrolling devices requires the license. Click Save.

  4. Go to Groups. Select New Group, then configure the group as desired. Click Create.
  5. Go to the group that you created, then go to Members. Click Add members to add desired members to the group, including the user that you created in step 1.
  6. Enroll the device to the user:
    1. Download the Intune Company Portal app from the Google Play Store.
    2. Enter the user credentials that you configured in step 1 to download and install the profile.
  7. In Intune, go to Apps > All apps > Android enrollment > Managed Google Play. Add and approve FortiClient (Android) from the Google Play store. On the Assignments tab, click Add group, then select the group that you created in step 4.

  8. Create an app configuration policy:
    1. Go to Apps > App configuration policies, then click Create app configuration policy.
    2. On the Basics tab, from the Platform dropdown list, select Android. Click Next.
    3. On the Settings tab, configure the following:
      1. From the Configuration settings format dropdown list, select Use configuration designer.
      2. Under Configuration key, enter keys to allow FortiClient to register to and send information to EMS. Intune supports the following keys:

        | Key | Description |
        | --- | --- |
        | device_id | Device UDID. |
        | group_tag | This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types. |
        | cloud_invite_code | FortiClient uses this value to connect to FortiClient Cloud. Enter the invite code that you received from FortiClient Cloud. |
        | user_name | FortiClient username. You may want to avoid showing users the option to configure their own username. To instead populate the username using the username value in Intune, configure this key as {{username}}. You must also configure should_show_login_page to false so that users do not see the login page where they can provide their username. |
        | ems_server | EMS IP address or hostname. |
        | ems_port | Port number for FortiClient to connect Telemetry to EMS. By default, this is 8013. |
        | ems_key | Telemetry connection key. The EMS administrator may require FortiClient to provide this key during connection. |
        | invitation_code | Enter the FortiClient Cloud or on-premise EMS invitation code. FortiClient 7.2.3 and later versions support this key. |
        | mac_address | Device MAC address. |
        | should_show_login_page | Configure whether FortiClient presents a login page to the user. Enter true to present the login page and false to skip the login page. |
        | invalid_ems_certificate_warning | Behavior to take when FortiClient detects that EMS has an invalid certificate. Enter one of the following values: allow (connect to EMS with no warning); warn (show a warning that allows the user to decide whether to connect or not); deny (prevent users from connecting to EMS). |

  9. When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration.
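
The key rules in step 8 can be checked before a policy is assigned. The following is an added example, not Fortinet or Microsoft code: `lint_policy` is a hypothetical helper, the sample hostname and codes are constructed placeholders, and treating `allow` as a finding is this example's own judgment, since that value lets FortiClient connect to an EMS whose certificate failed validation.

```python
# Added example: lint FortiClient (Android) app configuration keys before
# entering them in the Intune configuration designer. Not vendor code.
SUPPORTED_KEYS = {
    "device_id", "group_tag", "cloud_invite_code", "user_name", "ems_server",
    "ems_port", "ems_key", "invitation_code", "mac_address",
    "should_show_login_page", "invalid_ems_certificate_warning",
}
CERT_ACTIONS = {"allow", "warn", "deny"}


def lint_policy(settings, forticlient_version=(7, 2, 0)):
    """Return a list of findings for a key/value policy; an empty list means clean."""
    findings = [f"{k}: not a key listed in the table above"
                for k in sorted(set(settings) - SUPPORTED_KEYS)]

    port = str(settings.get("ems_port", "8013"))  # documented default is 8013
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"ems_port: {port!r} is not a valid TCP port")

    show_login = str(settings.get("should_show_login_page", "")).lower()
    if "should_show_login_page" in settings and show_login not in {"true", "false"}:
        findings.append("should_show_login_page: must be true or false")
    # {{username}} only takes effect cleanly when the login page is hidden.
    if settings.get("user_name") == "{{username}}" and show_login != "false":
        findings.append("user_name: {{username}} requires should_show_login_page=false")

    cert = settings.get("invalid_ems_certificate_warning")
    if cert is not None and cert not in CERT_ACTIONS:
        findings.append(f"invalid_ems_certificate_warning: {cert!r} is not allow/warn/deny")
    elif cert == "allow":
        findings.append("invalid_ems_certificate_warning: allow connects to an EMS "
                        "with an invalid certificate and no warning; prefer deny")

    if "invitation_code" in settings and forticlient_version < (7, 2, 3):
        findings.append("invitation_code: requires FortiClient 7.2.3 or later")
    return findings


# Constructed sample policies; hostname, key and code are placeholders.
WEAK = {"ems_server": "ems.example.com", "ems_port": "8013",
        "ems_key": "PLACEHOLDER-KEY", "invitation_code": "PLACEHOLDER-CODE",
        "user_name": "{{username}}", "should_show_login_page": "true",
        "invalid_ems_certificate_warning": "allow"}
HARDENED = {**WEAK, "should_show_login_page": "false",
            "invalid_ems_certificate_warning": "deny"}

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_policy(policy, forticlient_version=(7, 2, 3)))
```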
