FortiDLP Agent Deployment Guide

Bulk deploying the FortiDLP Email Plugin (Legacy) to Windows

The FortiDLP Email Plugin (Legacy), which monitors inbound and outbound email activity for Classic Microsoft Outlook, is installed on devices out of the box—unless a tenant has been set to explicitly NOT install it. This is controlled via FortiDLP's "base configuration" Agent configuration group.

Note

If you do not want to install the plugin, you should disable the Agent-initiated legacy email plugin installation setting in your base configuration group and only apply settings using Microsoft GPO prior to enrolling Agents. For more information, refer to the FortiDLP Administration Guide.

Because the FortiDLP Agent applies settings through the Windows Registry, it is important to ensure there are no conflicts with your existing Group Policies. You should incorporate the following settings into an existing Group Policy.

Additionally, it is recommended that you add our code signing certificate as a Trusted Publisher in Microsoft GPO. This will suppress a dialog box that will otherwise display for users, which requests permission to install the plugin.

See the following instructions:

  1. How to install the FortiDLP Email Plugin (Legacy) using Microsoft GPO
  2. How to suppress the FortiDLP Email Plugin (Legacy) install dialog using Microsoft GPO

How to install the FortiDLP Email Plugin (Legacy) using Microsoft GPO

HKLM = HKEY_LOCAL_MACHINE hive

HKCU = HKEY_CURRENT_USER / HKEY_USERS hive

| Key | Value | Type |
| --- | --- | --- |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook | N/A | Key |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook\Description | Reveal Outlook AddIn | SZ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook\FriendlyName | RevealOutlook | SZ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook\LoadBehavior | 0x3 | DWORD |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook\Manifest | See FortiDLP Email Plugin (Legacy) manifest file | SZ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook | N/A | Key |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook\Description | Reveal Outlook AddIn | SZ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook\FriendlyName | RevealOutlook | SZ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook\LoadBehavior | 0x3 | DWORD |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook\Manifest | See FortiDLP Email Plugin (Legacy) manifest file | SZ |
| HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\RevealOutlook\LoadBehavior | 0x3 | DWORD |
| HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\RevealOutlook\LoadBehavior | 0x3 | DWORD |
| HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Resiliency\RevealOutlook | 0x1 | DWORD |
| HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Resiliency\RevealOutlook | 0x1 | DWORD |

FortiDLP Email Plugin (Legacy) manifest file

file:///C:\Program Files\Jazz Networks\Agent\Outlook\RevealOutlook.vsto|vstolocal
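
To confirm on an endpoint that Group Policy delivered the settings listed above without conflicts, the following PowerShell check reads each entry and reports missing keys, wrong types and wrong values. It is an added example, not part of the Fortinet guide or product; it assumes the last path segment of each table row is the value name and that it runs in 64-bit PowerShell as the logged-on user.

```powershell
# Added example (not Fortinet code): report drift from the registry settings in this guide.
# Run in 64-bit PowerShell as the logged-on user; HKCU rows cover that user only.
$manifest = 'file:///C:\Program Files\Jazz Networks\Agent\Outlook\RevealOutlook.vsto|vstolocal'
$hklm = 'HKLM:\SOFTWARE\Microsoft\Office\Outlook\AddIns\RevealOutlook',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\AddIns\RevealOutlook'
$hkcuAddin = 'HKCU:\Software\Microsoft\Office\Outlook\Addins\RevealOutlook',
             'HKCU:\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\RevealOutlook'
# Assumption: for the Resiliency rows the last path segment is the value name.
$hkcuRes = 'HKCU:\Software\Microsoft\Office\15.0\Outlook\Resiliency',
           'HKCU:\Software\Microsoft\Office\16.0\Outlook\Resiliency'

function New-Row($Path, $Name, $Value, $Kind) {
    [pscustomobject]@{ Path = $Path; Name = $Name; Value = $Value; Kind = $Kind }
}

$expected = @(
    foreach ($p in $hklm) {
        New-Row $p 'Description'  'Reveal Outlook AddIn' 'String'
        New-Row $p 'FriendlyName' 'RevealOutlook'        'String'
        New-Row $p 'LoadBehavior' 3                      'DWord'
        New-Row $p 'Manifest'     $manifest              'String'
    }
    foreach ($p in $hkcuAddin) { New-Row $p 'LoadBehavior'  3 'DWord' }
    foreach ($p in $hkcuRes)   { New-Row $p 'RevealOutlook' 1 'DWord' }
)

$report = foreach ($row in $expected) {
    $key = Get-Item -LiteralPath $row.Path -ErrorAction SilentlyContinue
    $status = 'MissingKey'; $actual = $null
    if ($key) {
        if ($key.GetValueNames() -contains $row.Name) {
            $actual = $key.GetValue($row.Name)
            $kind   = $key.GetValueKind($row.Name)   # RegistryValueKind: String, DWord, ...
            if     ($kind -ne $row.Kind)    { $status = "WrongType: $kind" }
            elseif ($actual -ne $row.Value) { $status = 'WrongValue' }
            else                            { $status = 'OK' }
        } else { $status = 'MissingValue' }
    }
    [pscustomobject]@{ Status = $status; Path = $row.Path; Name = $row.Name; Actual = $actual }
}
$report | Format-Table -AutoSize -Wrap
if ($report.Status -ne 'OK') { exit 1 }   # non-zero exit when any row drifts
```

A `WrongValue` on `LoadBehavior` or a `MissingValue` on a row that the GPO sets usually points to another policy or the Agent writing the same key.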

How to suppress the FortiDLP Email Plugin (Legacy) install dialog using Microsoft GPO

  1. Go to the Next DLP Support Portal and download our code signing certificate (ava-codesign.pem file).
  2. In Microsoft GPO, open Group Policy Management and create a GPO named Install FortiDLP Email Plugin Root CA.
  3. Right-click the GPO you created and select Edit.
  4. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies, right-click Trusted Publishers, and then select Import.
  5. Select the certificate PEM file you downloaded, and then click Next.
  6. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
  7. On the Completing the Certificate Import Wizard page, click Finish.
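
Once the GPO has applied, this PowerShell check confirms that the certificate in the machine's Trusted Publishers store is the one you downloaded and that it has not expired, and reports whether it carries the Code Signing usage. It is an added example, not from the Fortinet guide; the download path `C:\Temp\ava-codesign.pem` is an assumption.

```powershell
# Added example (not Fortinet code). $PemPath is an assumed download location.
param([string]$PemPath = 'C:\Temp\ava-codesign.pem')

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PemPath

# Enhanced Key Usage OIDs on the downloaded certificate (empty if no EKU extension).
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object Value

# Machine-wide Trusted Publishers store, which the GPO from steps 2-7 populates.
$inStore = Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object Thumbprint -eq $cert.Thumbprint

$result = [pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    Expired       = $cert.NotAfter -lt (Get-Date)
    CodeSigning   = $eku -contains $codeSigningOid   # informational
    InTrustedPubs = [bool]$inStore
}
$result | Format-List

# Fail when the downloaded certificate is expired or absent from the store.
if ($result.Expired -or -not $result.InTrustedPubs) { exit 1 }
```

Compare the printed thumbprint with the value the vendor publishes before importing, since every file signed by a Trusted Publishers certificate installs without a prompt.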

Note

If the FortiDLP Email Plugin (Legacy) and FortiDLP Email Add-in are deployed to the same account, when Outlook desktop is used, the FortiDLP Email Add-in will display in the add-ins list and a message referencing the add-in will display to the user when they send emails. Despite this, only the FortiDLP Email Plugin (Legacy) will be enabled.
