Fortinet black logo

EMS Administration Guide

Initially deploying FortiClient software to endpoints

Initially deploying FortiClient software to endpoints

Following is an overview of how to initially deploy FortiClient to endpoints and connect them to EMS. You can use one of the following methods:

Deployment method

Description

Microsoft System Center Configuration Manager (SCCM) or group policy object (GPO)

  1. Create a custom deployment package (MSI file) on EMS. See Adding a FortiClient deployment package.
  2. Deploy the FortiClient deployment package to desired endpoints using one of the following:
    1. SCCM: Deploy applications with Configuration Manager.
    2. GPO: Use Group Policy to remotely install software.

Mobile device management (MDM)

Use an MDM application to initially deploy FortiClient to the desired endpoints. FortiClient supports the following MDM applications. See the guide for each MDM application:

Sending installer link to end users

  1. Create a custom deployment package on EMS. See Adding a FortiClient deployment package.
  2. Create an invitation on EMS, configuring the invitation to be sent to all desired end users. See Invitations.
  3. The end user receives an email or SMS notification that includes the configured invitation code and installer. They install FortiClient on their devices using the included installer and enter the invitation code to connect their FortiClient to EMS.
Note

After FortiClient and EMS establish a Telemetry connection, you can push FortiClient updates to endpoints using EMS. The aforementioned methods are only required for initial FortiClient deployment to endpoints. See Deployment & Installers.

Note

In 7.2.0, you cannot deploy initial FortiClient installations to Active Directory domain-joined devices. You must use one of the aforementioned methods to deploy initial FortiClient installations.

Initially deploying FortiClient software to endpoints

Following is an overview of how to initially deploy FortiClient to endpoints and connect them to EMS. You can use one of the following methods:

Deployment method

Description

Microsoft System Center Configuration Manager (SCCM) or group policy object (GPO)

  1. Create a custom deployment package (MSI file) on EMS. See Adding a FortiClient deployment package.
  2. Deploy the FortiClient deployment package to desired endpoints using one of the following:
    1. SCCM: Deploy applications with Configuration Manager.
    2. GPO: Use Group Policy to remotely install software.

Mobile device management (MDM)

Use an MDM application to initially deploy FortiClient to the desired endpoints. FortiClient supports the following MDM applications. See the guide for each MDM application:

Sending installer link to end users

  1. Create a custom deployment package on EMS. See Adding a FortiClient deployment package.
  2. Create an invitation on EMS, configuring the invitation to be sent to all desired end users. See Invitations.
  3. The end user receives an email or SMS notification that includes the configured invitation code and installer. They install FortiClient on their devices using the included installer and enter the invitation code to connect their FortiClient to EMS.
Note

After FortiClient and EMS establish a Telemetry connection, you can push FortiClient updates to endpoints using EMS. The aforementioned methods are only required for initial FortiClient deployment to endpoints. See Deployment & Installers.

Note

In 7.2.0, you cannot deploy initial FortiClient installations to Active Directory domain-joined devices. You must use one of the aforementioned methods to deploy initial FortiClient installations.