Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
EMS Administration Guide
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Initially deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
FortiClient in the Security Fabric
FortiClient with EMS
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying a profile to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Free trial license
Windows, macOS, and Linux licenses
Chromebook licenses
Component applications
Required services and ports
Management capacity
Hardware configuration when EMS and SQL Server run on same machine with no FortiGate connected
Hardware configuration when EMS and SQL Server run on different machines with no FortiGate connected
Hardware configuration when there are FortiGates connected to the EMS
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Starting FortiClient EMS and logging in
Configuring EMS after installation
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Uploading a license file
Licensing EMS in an air-gapped network
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Installation and setup for managing Chromebooks
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
Verifying ports and services and connection between EMS and FortiClient
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the Status
System Information widget
License Information widget
Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Adding endpoints using an AD domain server
Connecting manually from FortiClient
Viewing endpoints
Viewing the Endpoints pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Sending endpoint classification tags to FortiAnalyzer
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Downloading available FortiClient logs
Downloading available diagnostic results
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Deployment & Installers
Manage Deployment
Creating a deployment configuration
Managing deployment configuration priority levels
Enabling/disabling a deployment configuration
Deleting a deployment configuration
Deploying FortiClient upgrades from FortiClient EMS
Deploying different installer IDs to endpoints using the same deployment package
FortiClient Installer
Adding a FortiClient deployment package
Viewing deployment packages
Deleting a FortiClient deployment package
Endpoint Policy & Components
Manage Policies
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
CA Certificates
On-fabric Detection Rules
Chromebook Policy
Endpoint Profiles
Editing a default profile
Creating a new profile
Adding a new Chromebook profile
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Exporting a profile
Importing a profile
Deleting profiles
Remote Access
SSL VPN
IPsec VPN
Configuring a profile with application-based split tunnel
Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied Zero Trust tag
Configuring a backup VPN connection
Using a browser as an external user-agent for SAML authentication in an SSL VPN connection
Per-machine prelogon VPN connection without user interaction
Autoconnect on logging in as an Azure AD user
Load balancing SSL VPN gateways with one FQDN
ZTNA Destinations
Wildcard support for ZTNA FQDN rules
FortiGate ZTNA service portal support
Inline CASB solution for SaaS applications
Web Filter
Importing a Web profile from FortiOS or FortiManager
Enabling and disabling Safe Search
Support banned word check in URL
Vulnerability Scan
Malware Protection
Sandbox
Firewall
System Settings
Configuring identity compliance for endpoints
FortiPAM integration
XML Configuration
Creating a profile with XML
Importing a profile from an XML file
Configuring encrypted ZTNA rules
Zero Trust Tags
Zero Trust Tagging Rules
Adding a Zero Trust tagging rule set
Editing a Zero Trust tagging rule set
Deleting a Zero Trust tagging rule
Importing and exporting a Zero Trust tagging rule set
Uploading signatures for FortiGuard Outbreak Alerts service
Managing tags
Zero Trust tagging rule types
Zero Trust Tag Monitor
FortiOS dynamic policies using EMS dynamic endpoint groups
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Restricting VPN access to rogue/non-compliant devices with Security Fabric
Fabric Device Monitor
FortiGuard Outbreak Alerts
Software Inventory
Applications
Hosts
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Allowlist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Administration
Administrators
Viewing users
Configuring user accounts
Activating a disabled account
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
Authentication Servers
Adding an AD server
Adding an API key
AD connector
Configuring Admin User Settings
Fabric Devices
Configuring EMS to share tagging information with multiple FortiGates
SAML SSO
Licenses
Log Viewer
Generate Diagnostic Logs
Marking all endpoints as uninstalled
User Management
Authorized User Groups
Verified Users
Unverified Users
Local users
SAML Configuration
Invitations
Configuring user verification with an LDAP server for authentication
Configuring user verification with SAML authentication and an LDAP domain user account
System Settings
Configuring EMS settings
Generating a QR code for centrally managing FortiClient (Android) and (iOS) endpoints
Configuring Logs settings
Configuring FortiGuard Services settings
Server Certificates
Adding an SSL certificate to FortiClient EMS
Alerts
Configuring EMS Alerts
Configuring Endpoint Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Feature Select
Multitenancy
Enabling and configuring multitenancy
Global and per-site configuration
Global configuration
Site level configuration
Left pane with multitenancy enabled
Editing a site
Adding a multitenancy administrator
Logging into EMS with multitenancy enabled
Redundancy
Fabric connection setup using traffic manager
Fabric connection setup using FortiGate as a load balancer
Azure SQL managed instance
Creating a support package
Migrating to another EMS instance
FortiClient EMS API
Home
FortiClient 7.2.0
EMS Administration Guide
7.2.0
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.9
6.4.8
6.4.7
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.8
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
Manage Policies
Manage Policies
The following sections describe policy management:
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
Previous
Next
Manage Policies
Manage Policies
The following sections describe policy management:
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Initially deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
FortiClient in the Security Fabric
FortiClient with EMS
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying a profile to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Free trial license
Windows, macOS, and Linux licenses
Chromebook licenses
Component applications
Required services and ports
Management capacity
Hardware configuration when EMS and SQL Server run on same machine with no FortiGate connected
Hardware configuration when EMS and SQL Server run on different machines with no FortiGate connected
Hardware configuration when there are FortiGates connected to the EMS
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Starting FortiClient EMS and logging in
Configuring EMS after installation
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Uploading a license file
Licensing EMS in an air-gapped network
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Installation and setup for managing Chromebooks
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
Verifying ports and services and connection between EMS and FortiClient
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the Status
System Information widget
License Information widget
Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Adding endpoints using an AD domain server
Connecting manually from FortiClient
Viewing endpoints
Viewing the Endpoints pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Sending endpoint classification tags to FortiAnalyzer
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Downloading available FortiClient logs
Downloading available diagnostic results
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Deployment & Installers
Manage Deployment
Creating a deployment configuration
Managing deployment configuration priority levels
Enabling/disabling a deployment configuration
Deleting a deployment configuration
Deploying FortiClient upgrades from FortiClient EMS
Deploying different installer IDs to endpoints using the same deployment package
FortiClient Installer
Adding a FortiClient deployment package
Viewing deployment packages
Deleting a FortiClient deployment package
Endpoint Policy & Components
Manage Policies
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
CA Certificates
On-fabric Detection Rules
Chromebook Policy
Endpoint Profiles
Editing a default profile
Creating a new profile
Adding a new Chromebook profile
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Exporting a profile
Importing a profile
Deleting profiles
Remote Access
SSL VPN
IPsec VPN
Configuring a profile with application-based split tunnel
Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied Zero Trust tag
Configuring a backup VPN connection
Using a browser as an external user-agent for SAML authentication in an SSL VPN connection
Per-machine prelogon VPN connection without user interaction
Autoconnect on logging in as an Azure AD user
Load balancing SSL VPN gateways with one FQDN
ZTNA Destinations
Wildcard support for ZTNA FQDN rules
FortiGate ZTNA service portal support
Inline CASB solution for SaaS applications
Web Filter
Importing a Web profile from FortiOS or FortiManager
Enabling and disabling Safe Search
Support banned word check in URL
Vulnerability Scan
Malware Protection
Sandbox
Firewall
System Settings
Configuring identity compliance for endpoints
FortiPAM integration
XML Configuration
Creating a profile with XML
Importing a profile from an XML file
Configuring encrypted ZTNA rules
Zero Trust Tags
Zero Trust Tagging Rules
Adding a Zero Trust tagging rule set
Editing a Zero Trust tagging rule set
Deleting a Zero Trust tagging rule
Importing and exporting a Zero Trust tagging rule set
Uploading signatures for FortiGuard Outbreak Alerts service
Managing tags
Zero Trust tagging rule types
Zero Trust Tag Monitor
FortiOS dynamic policies using EMS dynamic endpoint groups
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Restricting VPN access to rogue/non-compliant devices with Security Fabric
Fabric Device Monitor
FortiGuard Outbreak Alerts
Software Inventory
Applications
Hosts
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Allowlist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Administration
Administrators
Viewing users
Configuring user accounts
Activating a disabled account
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
Authentication Servers
Adding an AD server
Adding an API key
AD connector
Configuring Admin User Settings
Fabric Devices
Configuring EMS to share tagging information with multiple FortiGates
SAML SSO
Licenses
Log Viewer
Generate Diagnostic Logs
Marking all endpoints as uninstalled
User Management
Authorized User Groups
Verified Users
Unverified Users
Local users
SAML Configuration
Invitations
Configuring user verification with an LDAP server for authentication
Configuring user verification with SAML authentication and an LDAP domain user account
System Settings
Configuring EMS settings
Generating a QR code for centrally managing FortiClient (Android) and (iOS) endpoints
Configuring Logs settings
Configuring FortiGuard Services settings
Server Certificates
Adding an SSL certificate to FortiClient EMS
Alerts
Configuring EMS Alerts
Configuring Endpoint Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Feature Select
Multitenancy
Enabling and configuring multitenancy
Global and per-site configuration
Global configuration
Site level configuration
Left pane with multitenancy enabled
Editing a site
Adding a multitenancy administrator
Logging into EMS with multitenancy enabled
Redundancy
Fabric connection setup using traffic manager
Fabric connection setup using FortiGate as a load balancer
Azure SQL managed instance
Creating a support package
Migrating to another EMS instance
FortiClient EMS API