Duo administrators have to start somewhere with their deployment, and which application you protect with two-factor authentication (2FA) first is one of the early decisions you must make.
- Office 365
- Windows Logon and RDP
- SSH and local logins to Unix (Linux, CentOS, etc.)
- Other: Tell us in the comments!
If you’re new to Duo, there are some considerations to keep in mind when making this decision:
- What is the most widely used? - By targeting an application the majority of your org uses, you will be able to enroll and familiarize most users with the 2FA experience early on.
- What is highly sensitive? - You may want to prioritize the security of your systems and applications that either contain or have direct access to sensitive data.
- What is the end-user experience and how willing are your users to adopt 2FA? - When you select applications that present the Duo Prompt for enrollment and self-service, or you first enroll user groups that will be quick to adopt 2FA, you can help to ensure a smoother deployment by reducing resistance.
You’ll find more great tips and best practices in the free courses at Duo Level Up. I recommend Protecting Applications with Duo and Designing Your Duo Launch if you’re interested in this topic specifically.