Skip to main content
jokes54321
jokes54321
New Member
April 11, 2025
Question

FortiNAC Intune integration, filtering devices

  • April 11, 2025
  • 3 replies
  • 1307 views

We've been running FortiNAC for 2 years now and are starting to deploy Intune joined workstations. I followed the 9.4.6 Intune integration guide and it's successfully polling Intune and bringing in devices. The issue we are now seeing is,  we're a global company sharing a single MS tenant and NAC is pulling in thousands of devices from other countries. 

 

Since this is an API call, it sounds like we cannot do the filtering to our devices only via Entra, so we need FortiNAC to filter the devices on an extension attribute or a tag. While ChatGPT seems to think FortiNAC can filter the devices, it failed to spit out how, and I cannot see any filtering options in the connector setup. Does anyone know if it's possible to setup a polling filter to narrow the list of devices it will ingest from an external MDM?

 

On another note, the FortiNAC 9.4.6 Intune integration guide, steps 9 and 10, tell you to setup a permission under Windows Azure Active Directory, which was deprecated in May of 2020. I believe this needs to be setup under GraphAPI. 

 

I have a ticket in to support, but am hoping the community might be able to answer this faster. 


Denny

3 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
April 14, 2025

Hello jokes54321, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
April 17, 2025

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
ebilcari
Staff
ebilcari
Staff
April 17, 2025

Currently it is not possible to apply such filters from FNAC side. I am not too familiar with Intune but maybe there is a way to restrict the Azure application to have access only to a group of devices. The guide for 9.4 may be a bit old, you can refer to the latest version here.

Emirjon
    jokes54321
    jokes54321Author
    New Member
    April 17, 2025

    Thank you for the responses. I ultimately heard back from support, more or less indicating the same. While policies can be configured in Azure, they only apply to users and devices, not the API.


    We ultimately deleted the Intune connector and deployed the Persistent Agent. This seems to be working well. 

      Terms & ConditionsAccessibility statement