Passive Agent registration allows you to create customized configurations that register and scan hosts associated with network users contained in your LDAP directory or Active Directory. Scanning requires an agent; however, the agent does not need to be installed by the user. The agent is provided using an external method, such as Group Policy Objects, and is launched when the user logs into the domain. Users experience a slight delay while logging in but are unaware that their hosts are being scanned.
When a user connects to the network and logs in, FortiNAC determines the directory group to which the user belongs. Based on that group, a Passive Agent configuration is used. The configuration registers the user and the associated host in FortiNAC. If enabled, the agent scans the host to verify that it is in compliance with the appropriate endpoint compliance policy. The scan can be specified in the configuration or determined by FortiNAC based on the user/host profile of the user or host.