jokes54321
Contributor

FortiNAC Intune integration, filtering devices

We've been running FortiNAC for 2 years now and are starting to deploy Intune-joined workstations. I followed the 9.4.6 Intune integration guide and it's successfully polling Intune and bringing in devices. The issue we are now seeing is that we're a global company sharing a single MS tenant, and NAC is pulling in thousands of devices from other countries.

 

Since this is an API call, it sounds like we cannot do the filtering to our devices only via Entra, so we need FortiNAC to filter the devices on an extension attribute or a tag. While ChatGPT seems to think FortiNAC can filter the devices, it failed to spit out how, and I cannot see any filtering options in the connector setup. Does anyone know if it's possible to set up a polling filter to narrow the list of devices it will ingest from an external MDM?

 

On another note, the FortiNAC 9.4.6 Intune integration guide, steps 9 and 10, tell you to set up a permission under Windows Azure Active Directory, which was deprecated in May of 2020. I believe this needs to be set up under GraphAPI.

 

I have a ticket in to support, but am hoping the community might be able to answer this faster. 


Denny

Jean-Philippe_P
Moderator

Hello jokes54321, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
ebilcari
Staff

Currently it is not possible to apply such filters from the FNAC side. I am not too familiar with Intune, but maybe there is a way to restrict the Azure application to have access only to a group of devices. The guide for 9.4 may be a bit old; you can refer to the latest version here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
jokes54321

Thank you for the responses. I ultimately heard back from support, more or less indicating the same. While policies can be configured in Azure, they only apply to users and devices, not the API.


We ultimately deleted the Intune connector and deployed the Persistent Agent. This seems to be working well. 
