Disable Duo for Windows Local Admin?

I am testing deploying to our fleet of Windows devices for our domain admin, server admin and maybe for RDP for regular users.

We do leave the local admin account enabled on all systems and rotate the passwords weekly with LAPS.

I can’t figure out how to exclude this account?

Hi @LipidFault ,

Installing Duo Authentication for Windows Logon adds two-factor authentication to all interactive user Windows login attempts, whether via a local console or over RDP: Duo Authentication for Windows Logon and RDP | Duo Security. At this time, there is no way to exclude certain accounts. Please also see Knowledge Base | Duo Security.

Please feel free to submit a feature request asking for this functionality via your Account Executive, Customer Success Manager if applicable, or our Support Team.

Thank you!

Why not make that user in Duo (example admin) and place them in a Duo group (example local admins) and set the group to bypass. Add that group to the RDP logon groups. That should allow that user to bypass Duo security. Does that make sense?