I work for a CSP who focuses on migrations to Azure/M365. We are beginning a project with a customer who currently uses DUO in their current commercial tenant. They wish to keep DUO working as we migrate them over to a new GCC High tenant. So their current DUO implementation would need to work simultaneously in a commercial tenant and a GCC High tenant in the interim. I have searched without luck on this topic in this community. I did find this doc in the knowledge base and would like to confirm that this is what I need to follow as I am unfamiliar with setup. Thanks in advance.
Microsoft Azure Active Directory | Duo Security
So there are two answers for you here:
Yes, you can configure multiple Duo Azure custom policies for CA used by different commercial Azure tenants in a single Duo account.
However, you mention the customer wants to use Duo in GCC High. Microsoft has not made custom controls for conditional access available in Azure Government. The intro section of the Duo Azure CA doc mentions this: “Azure Government does not yet provide support for custom controls in Conditional Access.” So, the customer can’t use the Duo Azure control in their Azure Government tenant.
Thank you so much, this is very helpful! Have a great week.