7.2.0

Enrolling FortiClient mobile endpoints to EMS with Intune integration

The Microsoft Intune integration allows FortiClient mobile endpoints to connect to EMS.

To enroll FortiClient mobile endpoints to EMS with Intune integration:
  1. In Intune, go to Users > All users.
  2. Select New user.
  3. Specify the appropriate user details.
  4. Select the created user. Go to license.
  5. Assign the Microsoft Intune license for the user. Enrolling devices requires the license. Click Save.

  6. Go to Groups > New Group. Configure a group as desired.
  7. Add members to the group, including the newly created user.
  8. To enroll the device to the user, download the Company Portal app from Google Play or the App Store.
  9. Enter the user credentials to download the profile and install the profile on the device.
  10. In Intune, go to Apps > All Apps. Add FortiClient (Android) or (iOS) from the public app store to the list.
  11. Add the FortiClient (Android) or (iOS) app to the group.
  12. Go to Apps > App configuration policies. Create a new policy.
    1. Add key-value pairs. The intune_device_id key is mandatory. All other keys are optional. Intune supports the following app configuration keys for FortiClient mobile. The table indicates which keys apply for Android and for iOS:

      | Key | Description | FortiClient (iOS) support | FortiClient (Android) support |
      |---|---|---|---|
      | cloud_invite_code | This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud. This key does not support configuring invitation codes from on-premise EMS. | For FortiClient iOS, this key is mainly meant to support 7.2.2 and earlier versions, as the new invitation_code key is available for FortiClient (iOS) 7.2.3 and later versions. However, you can continue to use cloud_invite_code for FortiClient (iOS) 7.2.3 and later versions if you do not configure invitation_code. | For FortiClient Android, this key is mainly meant to support 7.2.0 and earlier versions, as the new invitation_code key is available for FortiClient (Android) 7.2.1 and later versions. However, you can continue to use cloud_invite_code for FortiClient (Android) 7.2.1 and later versions if you do not configure invitation_code. |
      | device_id | Device UDID. | No | Yes |
      | ems_key | FortiClient Telemetry connection key. The EMS administrator may require FortiClient (Android) to provide this key during connection. | Yes | Yes |
      | ems_port | Port number for FortiClient (Android) to connect Telemetry to EMS. By default, this is 8013. | Yes | Yes |
      | ems_server | EMS IP address or hostname. | Yes | Yes |
      | group_tag | This value is used as a group tag for configuration in EMS. For example, you can use the string “field engineer” as a group tag, which is used when FortiClient initially connects to EMS. | Yes | Yes |
      | intune_device_id | This key is mandatory. For Value type, select string. In the Configuration value field, enter {{aaddeviceid}}. | Yes | Yes |
      | invitation_code | This value is used for connecting FortiClient to on-premise FortiClient EMS. Enter the invite code received from on-premise EMS. | 7.2.3 and later versions | 7.2.1 and later versions |
      | mac_address | Device MAC address. FortiClient (Android) and (iOS) support this key. | Yes | Yes |
      | udid | Device UDID. FortiClient (iOS) supports this key. | Yes | Yes |

      When FortiClient starts on the device, it automatically connects to the configured EMS instance. After connecting to EMS, the zero trust network access certificate is installed on the endpoint. You can verify this by doing one of the following:

      • For Android, use the My Certificates app.
      • For iOS, go to General settings > VPN & Device Management.
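
A pre-deployment check for the app configuration key-value pairs described in the table, as an added example (not Fortinet or Microsoft code). The function name, the input dictionary shape and the sample values are assumptions; the key names, the 8013 default and the version thresholds are taken from the table.

```python
# Added example: lint FortiClient mobile app configuration pairs before
# assigning the policy in Intune. Names and sample values are hypothetical.

KEYS = {"cloud_invite_code", "device_id", "ems_key", "ems_port", "ems_server",
        "group_tag", "intune_device_id", "invitation_code", "mac_address", "udid"}

# Exceptions to "supported on both platforms", per the table:
# None = not supported, tuple = minimum FortiClient version.
LIMITS = {("device_id", "ios"): None,
          ("invitation_code", "ios"): (7, 2, 3),
          ("invitation_code", "android"): (7, 2, 1)}

def lint_policy(pairs, platform, version):
    """Return a list of findings for a dict of key-value pairs."""
    findings = []
    ver = tuple(int(part) for part in version.split("."))
    if pairs.get("intune_device_id") != "{{aaddeviceid}}":
        findings.append("intune_device_id is mandatory and must be {{aaddeviceid}}")
    for key in pairs:
        if key not in KEYS:
            findings.append(f"{key}: not a listed FortiClient mobile key")
            continue
        minimum = LIMITS.get((key, platform), ())  # () compares below any version
        if minimum is None:
            findings.append(f"{key}: not supported on {platform}")
        elif ver < minimum:
            need = ".".join(map(str, minimum))
            findings.append(f"{key}: needs FortiClient ({platform}) {need} or later")
    port = str(pairs.get("ems_port", "8013"))
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("ems_port: not a valid port number (default is 8013)")
    if "cloud_invite_code" in pairs and "invitation_code" in pairs:
        findings.append("cloud_invite_code is for use when invitation_code is not configured")
    return findings

# Constructed sample policy (placeholder values, not from a real tenant)
SAMPLE = {
    "intune_device_id": "{{aaddeviceid}}",
    "ems_server": "ems.example.com",
    "ems_port": "8013",
    "invitation_code": "PLACEHOLDER-CODE",
    "device_id": "PLACEHOLDER-UDID",
}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE, "ios", "7.2.2"):
        print(finding)
```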
