cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1182
Views
0
Helpful
1
Replies

365 logon box appears even if global policy set to bypass

moses1
Level 1
Level 1

Hi,

I would like to check whether setting the global policy to bypass 2fa and not enroll, should still show a logon box for users to authenticate to, when securing 365 with the DAG, even though they then bypass 2fa correctly?

Reason I ask, is with securing RDweb with the same global policy manages to pass without a logon box.

Thanks in advance

Chris

1 Accepted Solution

Accepted Solutions

DuoKristina
Cisco Employee
Cisco Employee

Yes, since the Duo Access Gateway is the identity provider, users must still provide their primary username and password even if they can then bypass 2FA. DAG does not support integrated Windows logon (pass-through of desktop credentials) like RD Web can (and I’m guessing you have configured RD Web for integrated auth if you do not see a primary login prompt).

Duo, not DUO.

View solution in original post

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

Yes, since the Duo Access Gateway is the identity provider, users must still provide their primary username and password even if they can then bypass 2FA. DAG does not support integrated Windows logon (pass-through of desktop credentials) like RD Web can (and I’m guessing you have configured RD Web for integrated auth if you do not see a primary login prompt).

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links