Microsoft InTune

Overview

When a rogue host is detected on the network, FortiNAC queries the Microsoft Graph API for that host's InTune record. If the host is already enrolled in InTune, FortiNAC registers it automatically. FortiNAC also polls InTune periodically to refresh the records of hosts it has already registered.

FortiNAC collects the following host data from InTune:

  • Operating System

  • Host Name

  • Serial Number

  • Compliance Boolean

  • Model (Hardware Type)

  • Type (PC/Android/iOS)

  • Owner (User)
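As an added example of the Graph retrieval described above (written for this page, not FortiNAC's or Microsoft's code), in Go with only the standard library: it issues the managedDevices query with a $select for exactly the fields listed, follows @odata.nextLink so a large tenant is read to the end rather than only its first page, and maps each record to a host structure. The endpoint and field names are Microsoft Graph's; Host, fetchAllHosts, sampleGet and samplePages are this example's own, the HTTP call is injected, and the two-page response is constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// $select trims each managedDevice to the fields FortiNAC records. Graph returns the
// collection in pages and points at the next page with @odata.nextLink.
const devicesURL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=" +
	"deviceName,operatingSystem,serialNumber,complianceState,model,deviceType,userPrincipalName"

// page2URL is a constructed continuation URL; a real nextLink carries an opaque $skiptoken.
const page2URL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$skiptoken=p2"

// Host is the subset FortiNAC keeps. complianceState is an enum (compliant, noncompliant,
// inGracePeriod, unknown, ...), so the boolean is true only for the literal "compliant".
type Host struct {
	Name, OS, Serial, Model, Type, Owner string
	Compliant                             bool
}

// Every field in the $select above is a string in Graph's schema, so a string map suffices.
type devicePage struct {
	Value    []map[string]string `json:"value"`
	NextLink string              `json:"@odata.nextLink"`
}

// fetchAllHosts walks every page of the collection. The HTTP GET is injected so the walk
// runs offline here; a real caller passes one that sends "Authorization: Bearer <token>".
func fetchAllHosts(get func(url string) ([]byte, error)) ([]Host, error) {
	var hosts []Host
	for next := devicesURL; next != ""; {
		body, err := get(next)
		if err != nil {
			return nil, err
		}
		var page devicePage
		if err := json.Unmarshal(body, &page); err != nil {
			return nil, err
		}
		for _, d := range page.Value {
			hosts = append(hosts, Host{Name: d["deviceName"], OS: d["operatingSystem"],
				Serial: d["serialNumber"], Model: d["model"], Type: d["deviceType"],
				Owner: d["userPrincipalName"], Compliant: d["complianceState"] == "compliant"})
		}
		next = page.NextLink // empty on the last page, which ends the loop
	}
	return hosts, nil
}

// samplePages is a constructed two-page response, not data from a real tenant.
var samplePages = map[string]string{
	devicesURL: `{"@odata.nextLink":"` + page2URL + `","value":[{"id":"d1","deviceName":"LAPTOP-01","operatingSystem":"Windows","serialNumber":"SN0001","complianceState":"compliant","model":"Latitude 7420","deviceType":"windowsRT","userPrincipalName":"alice@example.com"}]}`,
	page2URL:   `{"value":[{"id":"d2","deviceName":"bob-iphone","operatingSystem":"iOS","serialNumber":"SN0002","complianceState":"inGracePeriod","model":"iPhone 13","deviceType":"iPhone","userPrincipalName":"bob@example.com"}]}`,
}

// sampleGet stands in for an authenticated GET against Graph.
func sampleGet(url string) ([]byte, error) {
	if body, ok := samplePages[url]; ok {
		return []byte(body), nil
	}
	return nil, fmt.Errorf("unexpected URL %q", url)
}

func main() {
	hosts, err := fetchAllHosts(sampleGet)
	if err != nil {
		panic(err)
	}
	for _, h := range hosts {
		fmt.Printf("%+v\n", h)
	}
}
```

The point worth noticing is the compliance mapping: a device in inGracePeriod or with an unknown state is not compliant in the boolean FortiNAC stores, so a policy keyed on that boolean treats it the same as a noncompliant device. The application permission such a query needs is DeviceManagementManagedDevices.Read.All.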

Authentication Types

Azure AD offers three authentication types for granting FortiNAC permission to read Microsoft InTune devices:

  • Certificate-based authentication (Version 9.4.6 and greater): This is the most secure method, because no reusable secret is stored or transmitted; the private key stays on the FortiNAC appliance and only the certificate (its public half) is uploaded to the app registration. During the authentication phase, FortiNAC uses the private key to sign a client assertion (a JWT that binds the tenant's token endpoint and the client ID and carries a short expiry) and sends it to the token endpoint together with the client ID, scope and grant type. The Microsoft identity platform verifies the signature using the public key of the registered certificate.

    To integrate using this authentication type, click here.

  • Application Permissions (Versions 9.1.6, 9.2.3, 9.4 and greater): Simpler to set up and operate than Delegated Permissions. FortiNAC authenticates as the application itself rather than on behalf of a signed-in user, so it can run as a background/daemon service; an Azure AD administrator grants consent to the application's permissions once, and no user delegation is needed.

    To integrate using this authentication type, click on the applicable version:

    v9.4.6 and greater

    v9.4.5 and lower

  • Delegated Permissions (Versions 9.1.5, 9.2.2 and lower): Appliances whose InTune integration was configured with this method continue to operate as expected after upgrading to a later version. New service connectors, however, must be registered with Application Permissions.
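The certificate-based exchange described above, as an added example written for this page in Go with only the standard library (it is not FortiNAC's or Microsoft's code): it generates a key pair and a self-signed certificate standing in for the one uploaded to the app registration, builds and signs the client assertion, verifies it the way the identity platform does, and assembles the token request. The tenant ID and client ID are placeholders, and newKeyAndCert, clientAssertion, verifyAssertion and tokenRequest are this example's own names; the token endpoint, the form fields and the assertion's claim and header names (iss, sub, aud, jti, nbf, exp, x5t) are the ones the Microsoft identity platform documents for the client credentials grant with a certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

const (
	tenantID      = "00000000-0000-0000-0000-000000000000" // placeholder, assumed
	clientID      = "11111111-1111-1111-1111-111111111111" // placeholder, assumed
	tokenURL      = "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token"
	graphScope    = "https://graph.microsoft.com/.default"
	assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// newKeyAndCert: the private key never leaves the appliance; only the self-signed
// certificate (the public half) is uploaded to the Azure AD app registration.
func newKeyAndCert() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "fortinac-intune"},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// clientAssertion builds the RS256-signed JWT that stands in for a client secret. The
// x5t header (base64url SHA-1 of the certificate DER) names the registered public key.
func clientAssertion(key *rsa.PrivateKey, certDER []byte, now time.Time) (string, error) {
	thumb := sha1.Sum(certDER)
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "x5t": b64(thumb[:])})
	jti := make([]byte, 16) // unique per assertion, so a captured one cannot be replayed
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]any{"iss": clientID, "sub": clientID, "aud": tokenURL,
		"jti": b64(jti), "nbf": now.Unix(), "exp": now.Add(10 * time.Minute).Unix()})
	input := b64(hdr) + "." + b64(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// verifyAssertion is the identity platform's side: check the signature with the
// registered public key, then hand back the claims for the aud/nbf/exp checks.
func verifyAssertion(tok string, pub *rsa.PublicKey) (map[string]any, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	sig, err1 := base64.RawURLEncoding.DecodeString(parts[2])
	raw, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("bad base64url segment")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	var claims map[string]any
	return claims, json.Unmarshal(raw, &claims)
}

// tokenRequest is the form POSTed to tokenURL. Client ID, scope and grant type travel
// as plain fields; the only signed element is client_assertion.
func tokenRequest(assertion string) url.Values {
	return url.Values{"client_id": {clientID}, "scope": {graphScope}, "grant_type": {"client_credentials"},
		"client_assertion_type": {assertionType}, "client_assertion": {assertion}}
}

func main() {
	key, der, _ := newKeyAndCert()
	tok, _ := clientAssertion(key, der, time.Now())
	_, err := verifyAssertion(tok, &key.PublicKey)
	fmt.Println("signature verifies:", err == nil)
	fmt.Println("POST", tokenURL, "\n"+tokenRequest(tok).Encode())
}
```

Running it prints the form body that would be POSTed to the tenant's token endpoint. Only client_assertion depends on the private key, which is why changing any claim invalidates the signature and why an assertion captured from the wire is useless past its exp. A registration that holds application permissions with a client secret instead sends client_secret in place of the two client_assertion fields, and that secret is a long-lived reusable credential; that difference is the reason the certificate method is the more secure of the two.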
