365 logon box appears even if global policy set to bypass


I would like to check whether setting the global policy to bypass 2fa and not enroll, should still show a logon box for users to authenticate to, when securing 365 with the DAG, even though they then bypass 2fa correctly?

Reason I ask, is with securing RDweb with the same global policy manages to pass without a logon box.

Thanks in advance


Yes, since the Duo Access Gateway is the identity provider, users must still provide their primary username and password even if they can then bypass 2FA. DAG does not support integrated Windows logon (pass-through of desktop credentials) like RD Web can (and I’m guessing you have configured RD Web for integrated auth if you do not see a primary login prompt).