Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1111
Views
2
Helpful
1
Replies

CISA alert over Duo misconfiguration

DaniAvni
Level 1
Level 1

‎03-15-2022 10:09 PM

Hi,

Following CISA alert Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability | CISA

They say “The victim account had been un-enrolled from Duo due to a long period of inactivity but was not disabled in the Active Directory” and one of the recommendations is " Enforce MFA for all users, without exception. Before implementing, organizations should review configuration policies to protect against “fail open” and re-enrollment scenarios."

What are the policies for re-enrollment? How do I prevent inactive devices from being un-enrolled? Are there other settings needed?

0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎03-16-2022 02:26 PM

Hi @DaniAvni ,

We have a response to the CISA alert with guidance for customers on our blog:

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents