Hello,

We are investigating rolling out Duo MFA for Windows Logon to Azure-only computers through Intune and are looking at the possibility of ingesting the Duo ADMX configurations into Intune to push to our devices (instead of using a registry key). Does anyone know of any documentation out there on the steps needed to accomplish this?

Thanks in advance.

Hi @pb_jbergener, welcome to the Duo Community! Thanks for sharing your question here. I’ll be honest - I don’t have a lot of knowledge on this subject, but since no one else has responded to you yet, I’ll do my best to help you out

It sounds like you are looking to deploy Duo Authentication for Windows Logon via Intune. Have you seen the past discussion here on how to accomplish this? The pointers there may be useful to you.

We have docs for deploying Duo certificates to managed devices via Intune for use with Trusted Endpoints here, but I suspect those aren’t going to be of any use to you in this situation.

It seems like you may be able to take the Windows Logon Group Policy Object administrative template and convert from ADM to ADMX using Microsoft’s conversion chart here but that seems like a pretty convoluted way to go about this, so I’m not sure how feasible that really is for you either.

I think your best bet is the first post I linked, or you can always contact Duo Support for more guidance on this!