Technical Tip: FortiNAC-F Persistent Agent using Intune and ADMX templates
| Description | This article describes how to deploy and configure the FortiNAC-F Persistent Agent using Intune and ADMX templates. |
| Scope | FortiNAC-F, Persistent Agent and Intune. |
| Solution | FortiNAC-F:
Under System -> Settings -> Updates -> Agent Packages, select FortiNAC Persistent Agent.msi, and select Save.
   Under System -> Settings -> Updates -> Agent Packages, select Download Administrative Templates, and select Save.
Extract the Bradford Networks.admx and Bradford Networks.adml files from the Bradford Networks Administrative Templates.msi.
Additionally, the Windows.admx and Windows.adml files are also mandatory. These can be downloaded from Microsoft or copied from the Central Store for Group Policy on a Domain Controller.
Intune:
Under Apps, select Windows, select Create. Under App type, select Line-of-business app, and select Select.
Under App information, select Select app package file. Under App package file, select FortiNAC Persistent Agent.msi, and select OK.
Under App Information, enter Fortinet for Publisher, and select Next.
   Under Assignments, either select Add group, Add all users, or Add all devices, and select Next.
Under Review + create, select Create. 
Under Devices, select Manage devices, select Configuration, select Import ADMX, select Import. Under the ADMX file upload, select Windows.admx for ADMX file, select Windows.adml for ADML file for the default language, and select Next.
Under Review + create, select Create.
Note: The Bradford Networks administrative template will not successfully upload without the Windows administrative template being uploaded first because it is a dependency.
Open the Bradford Networks.admx file in a text editor, find and replace all references of longDecimal with decimal, and save the file.
Note: The Bradford Networks.admx file will upload without this modification; however, ingestion will fail on the endpoint because longDecimal is not supported by Intune.
Under Devices, select Manage devices, select Configuration, select Import ADMX, select Import. Under ADMX file upload, select Bradford Networks.admx for ADMX file, select Bradford Networks.adml for ADML file for the default language, and select Next.
Under Review + create, select Create.
Under Devices, select Manage devices, select Policies, select Create, select New Policy. Under Create a profile, select Windows 10 and later for Platform, select Templates for Profile type, select Imported Administrative templates (Preview) for Template name, and select Create.  
Under Basics, enter a Name, and select Next.
   Under Configuration settings, select Computer Configuration, select Bradford Networks, select FortiNAC Persistent Agent, select Setting name(s) and configure as appropriate for the environment, select OK, and select Next.
   Under Scope tags, select Next.
Under Assignments, either select Add group, Add all users, or Add all devices, and select Next.
   Under Review + create, select Create.
Verification:
Open Event Viewer, select Applications and Services Logs, select Microsoft, select Windows, select DeviceManagement-Enterprise-Diagnostics-Provider, select Admin, and verify Information events with Event ID, 873, 866 and 814.
   
Open Registry Editor, select HKLM, select SOFTWARE, select Microsoft, and select PolicyManager, select AdmxDefault and AdmxInstalled, and verify the policy is present.
   Select HKLM, select SOFTWARE, select Policies, select Bradford Networks, select Persistent Agent, and verify the registry keys are present.
|
