A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Set a Default Tab for FortiClient EMS

It’s been a while, but I am working on deploying an updated version of FortiClient for and company which is managed via EMS and InTune. One thing that bugs me (and many) is by default, the client UI will load into the Zero Trust Telemetry tab and the option to change the Default tab will be greyed out for the end user when managed.

XML Editor in EMS

There is no UI setting in EMS but you can easily set the Default Tab by using the XML editor for the specific profile under Endpoint Profiles > Manage Profiles, edit the Profile and then select XML Configuration. Once there, hit Edit and add the following line under the System and UI tags.

<default_tab>VPN</default_tab>

You can also use any of the following values under the default_tab element to set the default tab accordingly.

  • AV: Antivirus
  • WF: Parental Control/Web Filtering
  • FW: Application Firewall
  • VPN: Remote Access
  • VULN: Vulnerability Scan

If you want to know what else you can configure via XML for the FortiClient via EMS, see the Fortinet FortiClient XML Guide here (or local mirror FortiClient_6.0.4_XML_Reference.pdf ).

Leave a Reply

More Posts

Testing Conditional Access Policies with What If

I was recently helping out a colleague in implementing and testing some new conditional access policies around Geo Blocking and we wanted to understand if what we had setup was going to work. Traditionally this can be quite difficult depending on your scenarios, however Microsoft have recently introduced What If, so that you can test […]

Letting Exchange accept Mail from other domains

One of the usual things I perform as an IT Consultant is maintenance and configuration tasks on Exchange. One of the most requested tasks is accepting e-mail for more than one domain. Most of my clients run Windows SBS Server 2008 which comes with Exchange 2007. In this article I will walk through accepting mail […]

An error has occurred when trying to access IdpInitiatedSignOn.aspx to test SAML authentication on AD FS 4.0 (Windows Server 2016)

So usually one of the first things I do after initially setting up an AD FS environment (among others) is to test the Metadata (navigate to https://your.adfs.server/ federationmetadata/2007-06/federationmetadata.xml which should return valid XML) and sign-in functionality using the IdpInitiatedSignOn.aspx method. For Server 2012/2012 R2 this page enabled by default but if we navigate to this […]