Can I integrate 2FA for active directory users on a local domain?

I have integrated Duo 2FA for Microsoft RDP, OpenVPN, and few other applications, have installed duo on a seperate VM in a Windows 2016 environment.
Everything is working fine… But
However I would like all the users logged into the local domain from their laptops be authenticated using 2FA.

While installing I have this option as seen above in the pic unchecked.
Yet when i log into my laptop with one of the users based of AD, i dont get authentication prompt and rather get logged in directly into my system.
Do i need to install the client on my local PC to make this work?

Hi @Socrates,

Thanks for being a Duo customer!

The Duo Windows Logon needs to be installed on any computer that you’d like to receive 2FA when logging in locally to that computer.

For an easier rollout, we do support distributing the installation using Group Policy



Jamie, this is fantastic. I am gonna try this out and update ya’ll.