
FortiDLP Agent Deployment Guide

Deploying the FortiDLP Email Add-in to Windows

The FortiDLP Email Add-in monitors outbound email activity for New Outlook for Windows and Outlook on the Web. It is accessible in XML format from the FortiDLP Console's Admin settings (Integrations > Microsoft > New Outlook add-in).

The FortiDLP Email Add-in requires a trusted certificate to communicate with the FortiDLP Agent. You can either use one that is automatically provisioned by FortiDLP or one that is externally managed by your organization:

  • When using an auto-provisioned certificate, the Agent automatically creates a local self-signed certificate. The Agent also automatically renews its certificate without manual intervention.
  • When using your own certificate, you will need to upload your private key file and certificate file to FortiDLP and then install the root certificate in the Windows trusted root certificate store. Your key and certificate must be PEM encoded, and your certificate must have a Subject Alternative Name (SAN) extension with the IP address 127.0.0.1.

If you want to monitor Outlook on the Web when Firefox is used, you will also need to enable Enterprise Roots mode for your certificate to be trusted.

After you configure and install your certificate (if applicable), you can manually deploy the FortiDLP Email Add-in using Microsoft Outlook.

See the following instructions:

  1. How to configure a trusted certificate using FortiDLP
  2. How to install an externally managed (static) certificate using Windows PowerShell
  3. Optional: How to enable Enterprise Roots mode using Firefox
  4. How to deploy the FortiDLP Email Add-in using Microsoft Outlook.

Caution

The FortiDLP Email Add-in should only be deployed to users with devices which have the Agent installed and which also meet the requirements detailed in FortiDLP Agent optional requirements. Failure to meet these conditions will cause a pop-up message to display each time the user sends an email.

Below, you will also find information on manually updating the add-in.

How to configure a trusted certificate using FortiDLP
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Under Integrations > Microsoft, select the New Outlook add-in tab.
  3. In the FortiDLP Email Add-in section, expand the 2. Configure a trusted certificate for the Agent's local web server and install it (if applicable) panel.
  4. Do one of the following:
    • To use an auto-provisioned certificate:
      1. In the Certificate mode menu, select Auto-provisioned.
      2. Click Apply.
      Caution

        Once an auto-provisioned certificate has been deployed to devices, clicking the Regenerate certificate button in the Microsoft tab will break this trust.

    • To use an externally managed certificate:
      1. In the Certificate mode menu, select Static key pair.
      2. Click Upload key and select your private key file.
      3. Click Upload certificate and select your certificate file.
      4. Click Apply.

How to install an externally managed (static) certificate using Windows PowerShell
  1. Open Windows PowerShell with administrator privileges.
  2. Run the following command, where <path> is the absolute path to your certificate file:
    Import-Certificate -FilePath <path> -CertStoreLocation Cert:\LocalMachine\Root
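
The following script is an added example, not part of the Fortinet guide or product. It checks the static certificate against the requirements stated above (SAN containing IP address 127.0.0.1) before running the import, then confirms the result. The parameter names $ServerCertPath and $RootCertPath are hypothetical; the default of using the same file for both assumes a self-signed certificate.

```powershell
# Added example: validate, import and verify the static certificate.
# Run in an elevated Windows PowerShell session. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $ServerCertPath,  # certificate uploaded to FortiDLP
    [string] $RootCertPath = $ServerCertPath          # same file when it is self-signed
)
$ErrorActionPreference = 'Stop'

# Load the certificate from disk without adding it to any store.
$server = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path $ServerCertPath).Path)

# Requirement from the guide: a SAN extension (OID 2.5.29.17) with IP 127.0.0.1.
$san = $server.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) { throw 'Certificate has no Subject Alternative Name extension.' }

# iPAddress entries use GeneralName tag [7]; 127.0.0.1 encodes as 87 04 7F 00 00 01.
# Matching the raw bytes avoids the locale-dependent text that Format() returns.
$hex = [BitConverter]::ToString($san.RawData)
if ($hex -notlike '*87-04-7F-00-00-01*') {
    throw 'SAN does not contain the IP address 127.0.0.1.'
}

# Reject a certificate that is expired or not yet valid before trusting it.
$now = Get-Date
if ($now -lt $server.NotBefore -or $now -gt $server.NotAfter) {
    throw "Certificate is outside its validity period ($($server.NotBefore) to $($server.NotAfter))."
}

# The import step from the guide, followed by a check that it landed in the store.
$imported = Import-Certificate -FilePath (Resolve-Path $RootCertPath).Path `
    -CertStoreLocation Cert:\LocalMachine\Root
if (-not (Test-Path "Cert:\LocalMachine\Root\$($imported.Thumbprint)")) {
    throw 'Import did not place the certificate in LocalMachine\Root.'
}

# Confirm the server certificate now chains to a trusted root on this device.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # local check only, no CRL/OCSP lookups
if (-not $chain.Build($server)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw 'Server certificate does not chain to a trusted root on this device.'
}
"Trusted: $($server.Subject) [$($server.Thumbprint)]"
```

Record the printed thumbprint so the entry in LocalMachine\Root can be identified and removed when the certificate is rotated.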

Optional: How to enable Enterprise Roots mode using Firefox
  1. In Firefox, in the address bar, type about:config and press Enter.
  2. Click Accept the Risk and Continue.
  3. In the Search field, type enterprise.
  4. Set the following preferences to true.
  5. Restart Firefox.

How to deploy the FortiDLP Email Add-in using Microsoft Outlook

  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Under Integrations > Microsoft, select the New Outlook add-in tab.
  3. In the FortiDLP Email Add-in section, expand the 3. Deploy the FortiDLP Email Add-in panel.
  4. Do one of the following:
    • To deploy the add-in using the URL, click Copy manifest URL.
    • To deploy the add-in using the XML file, click Download manifest.
  5. In Microsoft Outlook, on the Home tab, click ... > Get Add-ins.
  6. In the left-hand panel, click My add-ins.
  7. Scroll down, click Add a custom add-in, and select one of the following options:
    • To deploy the add-in using the URL:
      1. Click Add from URL.
      2. In the Enter the URL of the add-in's manifest file field, paste the URL you copied.
      3. Click OK.
      4. In the Warning dialog box, click Install.
    • To deploy the add-in using the XML file:
      1. Click Add from File.
      2. Select the XML file you downloaded.
      3. In the Warning dialog box, click Install.

The FortiDLP Email Add-in will display in the Custom Add-ins section of Outlook when the install completes.

After you deploy the FortiDLP Email Add-in, enable email monitoring for the node using Agent configuration groups. For details, refer to the FortiDLP Administration Guide.

Optionally, you can also enable email policies. For details, refer to the FortiDLP Policies Reference Guide.

How to update the FortiDLP Email Add-in

In rare cases, it may be necessary to manually update the FortiDLP Email Add-in. For details, see Updating the FortiDLP Email Add-in.
