Technical Tip: Microsoft Azure (InTune) Application permission configuration
| Description | This article describes the configuration changes that are required in Microsoft Azure Application (InTune) for the endpoint compliance to work. Possible error: 'Failure: Unauthorized to call Compliance Retrieval Service'. |
| Scope | FortiNAC 7.6.5+ |
| Solution | Due to frequent vendor API modifications, FortiNAC communication with the MDM is often affected. After the fix provided in Engineering ticket '1147758 - Unable to poll Intune MDM when Enable Compliance Retrieval Status is set to enable', FortiNAC is able to retrieve the compliance status for the managed hosts.<br><br>After following the configuration steps shown in the MDM/OT Security Integration guide, a new set of permissions is required for this integration to work as expected. Set the permissions as follows:<br><br>The integration guide will be updated soon with the new details. If the issue still persists, enable the following debug from the FortiNAC CLI:<br><br>`diagnose debug plugin enable MdmManager`<br><br>Reproduce the issue by selecting the service connector and then choosing 'Test Connection' and 'Poll'. Open a ticket with TAC support via the Fortinet Support Portal and include screenshots of the current configuration, along with a grab-log-snapshot from FortiNAC as shown in Technical Tip: How to get a debug log report from FortiNAC-CA or FortiNAC-Manager. |

