Got a puzzler here for you all.
We host a multi-tenant Exchange environment. One of our tenants is looking to implement Duo and I am a bit lost for how to implement it for only their tenant. We use it just about everywhere for our purposes, but it is on a singular domain. For the Tenant, we need to trigger the Duo prompt only for their OWA session (AD group/OU segregated). Is there a way to prompt for Duo in OWA after the initial login similar to how RDP sessions are setup?
If there isn’t, our next step would have to be to explore integrating them into O365 and setting up 2FA there, probably would still be Duo since they already have it in place.
We’re not exactly excited for this second option, especially after the last Azure outage!