FortiEDR
FortiEDR automates protection against advanced threats, pre- and post-execution, with real-time orchestrated incident response functionality.
jkoay
Staff & Editor
Article Id 350602
Description

This article describes how to configure FortiEDR Windows collector deployment through group policy.

Scope

FortiEDR Windows Collector.

Solution

In the FortiEDR console, go to the Administration tab -> Licensing -> Request for collector installer.

 

Pic1.png

 

Select the Windows collector installer version, then configure the aggregator address and the collector group that the device belongs to. Configure the email address in the Send installers link section.

 

Pic2.png

 

Select Send Request. A pop-up dialog box is displayed, as shown below:

 

Pic3.png

 

An email is sent to the configured recipient email address, as shown in the screenshot below. Download the appropriate FortiEDR installer file for 32-bit or 64-bit Windows machines.

 

Pic4.png

 

Create a distribution point on the AD server: create a new folder and place the FortiEDR MSI installer in it.

 

Pic6.png

 

Add Domain Computers to the Share Permissions list so that domain Windows machines can access the distribution package.

 

Pic7.png

 

Pic8.png

 

On the AD server, go to Start -> Server Manager -> Tools -> Group Policy Management. Under Forest, go to Domains -> Group Policy Objects, right-click, select New, and give the GPO a meaningful name, e.g. FortiEDR Deployment.

 

Pic9.png

 

Under Security Filtering, add the users, groups, or computers involved in the FortiEDR deployment.

 

Pic10.png

 

 

Configure the FortiEDR MSI installer as part of the software installation package. To do this, right-click the newly created GPO 'FortiEDR Deployment' and select Edit.

 

Pic11.png

 

Go to Computer Configuration -> Policies -> Software Settings -> Software Installation. Right-click Software Installation -> New -> Package and select the MSI installer from the shared folder/network path (e.g. \\IRIZ-KVM23\FortiEDR) created previously.

 

Pic12.png

 

When prompted to select the deployment method, select Assigned.

 

Pic13.png

 

Pic14.png

 

In the Group Policy Management window, right-click the domain name and select Link an existing GPO.

 

Pic15.png

 

Select the group policy object 'FortiEDR Deployment'.

 

Pic16.png

 

Pic17.png

 

To force a group policy update on the workstations, open a command prompt as administrator and execute the command 'gpupdate /force'.

 

A reboot is required for the FortiEDR collector to be installed upon the next logon.
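The distribution-point and GPO steps above can also be scripted on the AD server. The PowerShell below is an added example, not part of the original article or Fortinet's own tooling; the folder path, the MSI file name, and the use of Domain Admins as the share's full-control group are assumptions. It goes slightly beyond the article by keeping the share read-only for Domain Computers and flagging any other writer, because a computer-assigned MSI is installed with SYSTEM rights on every targeted machine; the Software Installation package itself still has to be added in the GPO editor as described above.

```powershell
#Requires -RunAsAdministrator
# Added example. $Folder, the MSI file name and the admin group are assumed placeholders.
Import-Module ActiveDirectory, GroupPolicy, SmbShare

$Folder    = 'C:\FortiEDR'                                   # local folder behind the share
$ShareName = 'FortiEDR'                                      # gives \\<server>\FortiEDR
$Msi       = Join-Path $Folder 'FortiEDR-collector-x64.msi'  # placeholder file name
$GpoName   = 'FortiEDR Deployment'

$domain    = Get-ADDomain
$computers = "$($domain.NetBIOSName)\Domain Computers"
$admins    = "$($domain.NetBIOSName)\Domain Admins"

# Record what is being published so a later swap of the file is detectable.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') { Write-Warning "Authenticode status of ${Msi}: $($sig.Status)" }
$baseline = (Get-FileHash -Path $Msi -Algorithm SHA256).Hash
"Published $Msi SHA256=$baseline"

# Share: Domain Computers read only, admins full control (no Everyone entry).
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Folder -ReadAccess $computers -FullAccess $admins | Out-Null
}
icacls $Folder /grant "${computers}:(OI)(CI)RX" | Out-Null   # matching NTFS read/execute

# Flag any non-admin principal that can modify the package through the share.
$writers = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Read' -and $_.AccountName -ne $admins
}
if ($writers) { Write-Warning "Write access on share: $($writers.AccountName -join ', ')" }

# GPO, with security filtering limited to computer accounts.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Assigns the FortiEDR collector MSI' | Out-Null
}
Set-GPPermission -Name $GpoName -TargetName 'Domain Computers' -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Link disabled until the MSI package has been added in the GPO editor (Assigned).
New-GPLink -Name $GpoName -Target $domain.DistinguishedName -LinkEnabled No | Out-Null
# Afterwards: Set-GPLink -Name $GpoName -Target $domain.DistinguishedName -LinkEnabled Yes
```

Re-running `Get-FileHash` against the shared MSI and comparing it with the recorded SHA256 value is a quick check that the package has not been replaced since it was published.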

 
