Staff & Editor
May 27, 2026

Technical Tip: FortiNAC integration with Intune MDM automatically creates 'Microsoft InTune Managed Hosts' group

Description

This article describes how to check and confirm that all MDM-managed hosts are imported to the automatically created group 'Microsoft InTune Managed Hosts' on FortiNAC.

Scope

FortiNAC.

Solution

After successfully adding MDM Intune to the FortiNAC service connector, FortiNAC will automatically create a group called 'Microsoft InTune Managed Hosts' under System -> Groups.


The MDM hosts registered on Intune will be automatically added to the 'Microsoft InTune Managed Hosts' group after polling the connector.



If, for any reason, not all hosts were imported from the MDM, then enable the following plugin and check the output.master logs:

  1. Enable the MDM plugin:


execute enter-shell 
nacdebug -name MSInTuneServer true


  2. Run a poll from the Service Connectors screen in the UI.

  3. While polling the service connector, check the output.master file:

execute enter-shell
tail -F output.master | grep "isValidMAC"


  4. The return value should be 'retval = true'. If the log shows 'retval = false', either the endpoint MAC address is a random MAC address or the Vendor OUI list is not updated on FortiNAC:

2026-05-27 12:04:38.102 +0300 [https-jsse-nio-0.0.0.0-8443-exec-72] DEBUG yams.MSInTuneServer - isValidMAC(D0:F4:05:XX:XX:B1) retval = false
2026-05-27 12:05:14.292 +0300 [https-jsse-nio-0.0.0.0-8443-exec-72] DEBUG yams.MSInTuneServer - isValidMAC(D0:F4:05:XX:XX:04) retval = false


  5. To resolve the Vendor OUI issue, follow the article 'Troubleshooting Tip: New vendor OUI missing from the database'.

  6. After running the 'Auto-Definition Synchronizer' scheduler on FortiNAC and confirming that it has successfully updated, go to the Intune Service Connector and poll it again. The 'Microsoft InTune Managed Hosts' group value will be updated on all FortiNACs and correctly reflected. The polling process may take some time to import all MDM endpoints, depending on the number of hosts FortiNAC polls from Intune.

  7. Make sure to disable the plugin after troubleshooting:

execute enter-shell 
nacdebug -name MSInTuneServer false
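
To sort the 'retval = false' entries described above by likely cause, the following added example (not Fortinet's code and not part of the original article) parses isValidMAC lines in the format shown in the log excerpt and tests the locally administered bit of the first octet, which randomized MAC addresses set. The function names, the cause labels and the sample lines are assumptions constructed for illustration.

```python
import re
import sys

# Line format as shown in the article's output.master excerpt.
LINE_RE = re.compile(
    r"yams\.MSInTuneServer - isValidMAC\((?P<mac>[^)]+)\) retval = (?P<ret>true|false)"
)

def classify(mac):
    """Pick the likelier of the article's two causes for a rejected MAC."""
    try:
        first_octet = int(re.split(r"[:-]", mac.strip())[0], 16)
    except ValueError:
        return "unparseable"
    # IEEE 802: bit 0x02 of the first octet marks a locally administered
    # address, which is what OS-level MAC randomization produces.
    if first_octet & 0x02:
        return "random-mac"
    # Universally administered address: look at the vendor OUI list instead.
    return "check-oui"

def triage(lines):
    """Return {mac: cause} for MACs whose most recent result is false."""
    rejected = {}
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue
        mac = match.group("mac").upper()
        if match.group("ret") == "true":
            rejected.pop(mac, None)  # accepted on a later poll
        else:
            rejected[mac] = classify(mac)
    return rejected

# Constructed sample lines (not real FortiNAC output), same format as above.
PREFIX = "2026-05-27 12:04:38.102 +0300 [exec-1] DEBUG yams.MSInTuneServer - "
SAMPLE = [
    PREFIX + "isValidMAC(02:00:5E:10:00:01) retval = false",
    PREFIX + "isValidMAC(00:00:5E:00:53:01) retval = false",
    PREFIX + "isValidMAC(00:00:5E:00:53:02) retval = false",
    "unrelated debug line",
    PREFIX + "isValidMAC(00:00:5E:00:53:02) retval = true",
]

if __name__ == "__main__":
    # Pass a saved copy of the grep output as argv[1], or run on the sample.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for mac, cause in triage(source).items():
        print(f"{mac}\t{cause}")
```

Entries reported as random-mac will not be fixed by an OUI update; entries reported as check-oui are the ones to re-test after the 'Auto-Definition Synchronizer' run and the next poll.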