Enrolling FortiClient mobile endpoints to EMS with Intune integration
The Microsoft Intune integration allows FortiClient mobile endpoints to connect to EMS.
To enroll FortiClient mobile endpoints to EMS with Intune integration:
- In Intune, go to Users > All users.
- Select New user.
- Specify the appropriate user details.
- Select the created user. Go to license.
- Assign the Microsoft Intune license for the user. Enrolling devices requires the license. Click Save.
- Go to Groups > New Group. Configure a group as desired.
- Add members to the group, including the newly created user.
- To enroll the device to the user, download the Company Portal app from the Google Play or App store.
- Enter the user credentials to download the profile and install the profile on the device.
- In Intune, go to Apps > All Apps. Add FortiClient (Android) or (iOS) from the public app store to the list.
- Add the FortiClient (Android) or (iOS) app to the group.
- Go to Apps > App configuration policies. Create a new policy.
- Add key-value pairs. The intune_device_id key is mandatory. All other keys are optional. Intune supports the following app configuration keys for FortiClient mobile. The table indicates which keys apply for Android and for iOS:
| Key | Description | FortiClient (iOS) support | FortiClient (Android) support |
| --- | --- | --- | --- |
| cloud_invite_code | This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud. This key does not support configuring invitation codes from on-premise EMS. For FortiClient iOS, this key is mainly meant to support 7.2.2 and earlier versions, as the new invitation_code key is available for FortiClient (iOS) 7.2.3 and later versions. However, you can continue to use cloud_invite_code for FortiClient (iOS) 7.2.3 and later versions if you do not configure invitation_code. For FortiClient Android, this key is mainly meant to support 7.2.0 and earlier versions, as the new invitation_code key is available for FortiClient (Android) 7.2.1 and later versions. However, you can continue to use cloud_invite_code for FortiClient (Android) 7.2.1 and later versions if you do not configure invitation_code. | | |
| device_id | Device UDID. | No | Yes |
| ems_key | FortiClient Telemetry connection key. The EMS administrator may require FortiClient (Android) to provide this key during connection. | Yes | Yes |
| ems_port | Port number for FortiClient (Android) to connect Telemetry to EMS. By default, this is 8013. | Yes | Yes |
| ems_server | EMS IP address or hostname. | Yes | Yes |
| group_tag | This value is used as a group tag for configuration in EMS. For example, you can use the string “field engineer” as a group tag, which is used when FortiClient initially connects to EMS. | Yes | Yes |
| intune_device_id | This key is mandatory. For Value type, select string. In the Configuration value field, enter {{aaddeviceid}}. | Yes | Yes |
| invitation_code | This value is used for connecting FortiClient to on-premise FortiClient EMS. Enter the invite code received from on-premise EMS. | 7.2.3 and later versions | 7.2.1 and later versions |
| mac_address | Device MAC address. FortiClient (Android) and (iOS) support this key. | Yes | Yes |
| udid | Device UDID. FortiClient (iOS) supports this key. | Yes | Yes |
When FortiClient starts on the device, it automatically connects to the configured EMS instance. After connecting to EMS, the zero trust network access certificate is installed on the endpoint. You can verify this by doing one of the following:
- For Android, use the My Certificates app.
- For iOS, go to General settings > VPN & Device Management.
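The key rules from the app configuration table can be checked before a policy is assigned. The following is an added example, not Fortinet or Microsoft code: the function name lint_policy, the finding messages, and the sample policy values are assumptions made for illustration, and the platform check skips cloud_invite_code because the table does not state its support columns.

```python
# Added example: lint FortiClient app configuration key-value pairs.
# Platforms that accept each key, per the table above. cloud_invite_code and
# invitation_code are handled separately (not stated / version-dependent).
BOTH = {"ios", "android"}
SUPPORT = {"device_id": {"android"}, "ems_key": BOTH, "ems_port": BOTH,
           "ems_server": BOTH, "group_tag": BOTH, "intune_device_id": BOTH,
           "mac_address": BOTH, "udid": BOTH}
# First FortiClient version that accepts invitation_code, per the table.
INVITATION_MIN = {"ios": (7, 2, 3), "android": (7, 2, 1)}
KNOWN = set(SUPPORT) | {"cloud_invite_code", "invitation_code"}


def lint_policy(pairs, platform, client_version):
    """Return a list of findings for one app configuration policy.

    pairs: dict of key -> configuration value; platform: "ios" or "android";
    client_version: dotted FortiClient version such as "7.2.3".
    """
    findings = []
    version = tuple(int(part) for part in client_version.split("."))
    if pairs.get("intune_device_id") != "{{aaddeviceid}}":
        findings.append("intune_device_id: mandatory, value must be {{aaddeviceid}}")
    for key in pairs:
        if key not in KNOWN:
            findings.append(f"{key}: not a documented key")
        elif platform not in SUPPORT.get(key, BOTH):
            findings.append(f"{key}: not supported on {platform}")
    if "invitation_code" in pairs:
        if version < INVITATION_MIN[platform]:
            findings.append("invitation_code: FortiClient version too old")
        if "cloud_invite_code" in pairs:
            findings.append("cloud_invite_code: meant for use only when "
                            "invitation_code is not configured")
    port = str(pairs.get("ems_port", "8013"))  # 8013 is the documented default
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        findings.append("ems_port: not a valid port number")
    return findings


# Constructed sample policy; the hostname and codes are placeholders.
SAMPLE = {"intune_device_id": "{{aaddeviceid}}", "ems_server": "ems.example.com",
          "ems_port": "8013", "device_id": "PLACEHOLDER",
          "invitation_code": "PLACEHOLDER"}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE, "ios", "7.2.2"):
        print(finding)
```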