2fa for windows admin share

I have DUO setup and working on my laptop for local and RDP logins but admin users are able to connect to my machine using //IP/C$ and are not prompted for 2fa.

Does DUO have a way to enforce at a lower level on my computer?

We are current users of Authlite and really enjoy that since they install right on the DC they can enforce 2FA for pretty much all AD requests.

Dup Authentication for Windows Logon does not apply 2FA to UNC share access at this time. Learn more about what types of logins Duo for Windows protects here: What logon interfaces can Duo protect?

You might want to consider implementing a Secret server/password management solution instead. For example, you can enroll all of your domain admin accounts into the secret server, have those passwords rotate on a daily basis, and users can access those accounts/secrets by logging into the password management portal (which you can force Duo/MFA on that login).

This prevents access to the //machine/C$ unless someone logins in to the secret server with a domain user account/MFA first.