Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1770
Views
0
Helpful
2
Replies

Configuring DUO to integrate with multiple Azure AD tenants during migration

Go to solution
stevepetka
Level 1
Level 1

‎11-10-2021 04:28 PM

Hello all,
I work for a CSP who focuses on migrations to Azure/M365. We are beginning a project with a customer who currently uses DUO in their current commercial tenant. They wish to keep DUO working as we migrate them over to a new GCC High tenant. So their current DUO implementation would need to work simultaneously in a commercial tenant and a GCC High tenant in the interim. I have searched without luck on this topic in this community. I did find this doc in the knowledge base and would like to confirm that this is what I need to follow as I am unfamiliar with setup. Thanks in advance.
Microsoft Azure Active Directory | Duo Security

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-15-2021 06:07 AM

So there are two answers for you here:

  1. Yes, you can configure multiple Duo Azure custom policies for CA used by different commercial Azure tenants in a single Duo account.

  2. However, you mention the customer wants to use Duo in GCC High. Microsoft has not made custom controls for conditional access available in Azure Government. The intro section of the Duo Azure CA doc mentions this: “Azure Government does not yet provide support for custom controls in Conditional Access.” So, the customer can’t use the Duo Azure control in their Azure Government tenant.

If they want to use Duo with GCC High, they would need to implement a federated solution, like Duo Access Gateway or AD FS with the Duo adapter.

Duo, not DUO.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-15-2021 06:07 AM

So there are two answers for you here:

  1. Yes, you can configure multiple Duo Azure custom policies for CA used by different commercial Azure tenants in a single Duo account.

  2. However, you mention the customer wants to use Duo in GCC High. Microsoft has not made custom controls for conditional access available in Azure Government. The intro section of the Duo Azure CA doc mentions this: “Azure Government does not yet provide support for custom controls in Conditional Access.” So, the customer can’t use the Duo Azure control in their Azure Government tenant.

If they want to use Duo with GCC High, they would need to implement a federated solution, like Duo Access Gateway or AD FS with the Duo adapter.

Duo, not DUO.
0 Helpful

Go to solution
stevepetka
Level 1
Level 1
In response to DuoKristina

‎11-15-2021 08:40 AM

Thank you so much, this is very helpful! Have a great week.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents