HS08
Visitor III
March 18, 2026
Solved

Forti NAC & MDM

  • March 18, 2026
  • 1 reply
  • 243 views

I have this policy to assign VLAN 17 to devices which are not managed by MDM.

But in the result, why do devices managed by MDM also hit this rule?

(attachment: Screenshot 2026-03-18 172426.png)

Best answer by ebilcari

If the MDM is Azure/Intune, kindly check this article: Technical Tip: Microsoft Azure (InTune) Application permission configuration

1 reply

ebilcari
Staff
March 18, 2026

Have you checked if the host has the flag 'Managed By MDM/OT' set? The column can be added from Admin UI in Hosts view or checked from CLI:


fnac76 # diagnose host list host-name Win11 | grep MDM
Managed By MDM = false
Compromised Status From MDM = false
Compliance Status From MDM = false
Data Protection Status From MDM = false
Passcode Status Status From MDM = false

Emirjon
HS08 (Author)
Visitor III
March 20, 2026

Yes, the host is managed by MDM.

jktfortinac01 # diagnose host list host-name 456PGQ | grep MDM
Managed By MDM = true
Compromised Status From MDM = false
Compliance Status From MDM = true
Data Protection Status From MDM = false
Passcode Status Status From MDM = false
Attribute: MDM_DEVICE_DBID = 1437224424353822
Attribute: MDM_DEVICE_NAME = INTUNE

ebilcari
Staff
March 20, 2026

To obtain more information regarding policy evaluation and matching conditions, you can review the policy details and the Debug Log output:

(attachment: Policy details.PNG)

Emirjon
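To make the check ebilcari describes repeatable across many hosts, here is an added example (not FortiNAC code, and not posted by anyone in this thread) that parses the `diagnose host list <name> | grep MDM` output shown above into a dictionary, evaluates the "not managed by MDM" condition the original poster's policy uses, and reports whether the VLAN actually assigned agrees with the flag. The two sample outputs are copied from the thread; the VLAN number 17 comes from the poster's description, and the function names and the result labels are this example's own.

```python
"""Parse FortiNAC 'diagnose host list ... | grep MDM' output and compare the
'Managed By MDM' flag with the VLAN a host actually received.

Added example, not FortiNAC's own code. Sample outputs below are copied from
the forum thread; function names and return labels are invented here.
"""
import re
from typing import Dict, Union

# Sample output quoted by ebilcari for host Win11 (unmanaged host).
SAMPLE_UNMANAGED = """\
Managed By MDM = false
Compromised Status From MDM = false
Compliance Status From MDM = false
Data Protection Status From MDM = false
Passcode Status Status From MDM = false
"""

# Sample output quoted by the poster for host 456PGQ (Intune-managed host).
SAMPLE_MANAGED = """\
Managed By MDM = true
Compromised Status From MDM = false
Compliance Status From MDM = true
Data Protection Status From MDM = false
Passcode Status Status From MDM = false
Attribute: MDM_DEVICE_DBID = 1437224424353822
Attribute: MDM_DEVICE_NAME = INTUNE
"""

# One 'Key = value' line, with an optional 'Attribute:' prefix as in the CLI output.
LINE_RE = re.compile(r"^(?:Attribute:\s*)?(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")


def parse_mdm_output(text: str) -> Dict[str, Union[bool, str]]:
    """Turn the grep'd CLI lines into a dict; 'true'/'false' become bools,
    everything else (device id, device name) stays a string."""
    fields: Dict[str, Union[bool, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore prompt echoes or unrelated lines
        key = m.group("key").strip()
        value = m.group("value").strip()
        if value.lower() in ("true", "false"):
            fields[key] = value.lower() == "true"
        else:
            fields[key] = value
    return fields


def matches_unmanaged_rule(fields: Dict[str, Union[bool, str]]) -> bool:
    """The policy condition from the thread: the restricted VLAN applies only
    when the host is NOT flagged as managed by MDM. A host whose output lacks
    the flag entirely is treated as unmanaged (the conservative reading)."""
    return not bool(fields.get("Managed By MDM", False))


def diagnose(fields: Dict[str, Union[bool, str]], observed_vlan: int,
             restricted_vlan: int = 17) -> str:
    """Compare what the MDM flag says with what the policy actually did.

    Returns 'consistent', 'managed-but-restricted' (the symptom in this thread:
    the flag is true yet the host still landed in the restricted VLAN, so the
    policy's matching conditions or the MDM integration need a closer look), or
    'unmanaged-but-not-restricted'.
    """
    should_restrict = matches_unmanaged_rule(fields)
    did_restrict = observed_vlan == restricted_vlan
    if should_restrict == did_restrict:
        return "consistent"
    return "managed-but-restricted" if did_restrict else "unmanaged-but-not-restricted"


if __name__ == "__main__":
    for label, sample, vlan in (("Win11", SAMPLE_UNMANAGED, 17),
                                ("456PGQ", SAMPLE_MANAGED, 17)):
        parsed = parse_mdm_output(sample)
        print(label, parsed.get("MDM_DEVICE_NAME", "-"), diagnose(parsed, vlan))
```

Run against the poster's 456PGQ output with the observed VLAN 17, the result is `managed-but-restricted`, which is exactly the mismatch to take into the policy details and Debug Log review ebilcari points to.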