FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
btan
Staff
Staff
Article Id 294318
Description This article describes that FortiClient EMS cannot match the Deployment Policy when the endpoint belongs to 2 AD groups.
Scope

FortiClient.

Solution

Starting from EMS v7.2.1, vEMS can integrate with Azure AD (aka Microsoft Intra ID) and import endpoint devices from it.

However, up to the latest EMS v7.2.4, EMS will not match an endpoint with 2 Azure AD groups to any Deployment Policy.


when-2-AD-groupswhen-2-AD-groups

 

policy-wont-matchpolicy-wont-match

 

This is fixed in FortiClient EMS v7.2.5 and above.