Duo Authentication for Windows Logon on screen lock


#1

Hi folks,

We are currently using Duo Authentication for Windows Logon for RDP access to some machines and it’s working great! We are now considering enabling Duo 2FA for console logon too. It seems, however, that when console 2FA is enabled it also kicks in when unlocking your computer after the screen saver kicks (we require a password after screen lock). Is there a way to force 2FA on initial logon but not on screen lock?

Cheers,
Kevin


#2

Greetings Kevin!

It is not possible to exclude workstation unlock from Duo Authentication at this time. In fact, this behavior is by design. If you’d like to submit a feature request for the ability to bypass 2FA when unlocking a logged-in workstation I encourage you to contact your Customer Success Manager or Duo Support.

Thanks for using Duo!


#3

I am eager to this enabled as a feature. it is cumbersome to have to type in the password and MFA each time a workstation locks after 15 min


#4

We feel that requiring MFA at initial login and workstation unlock provides better system protection (since most Windows users tend to stay logged in while their system is unattended or sleeping). However, everyone’s environment and use case is different. I encourage you to contact your Customer Success Manager or Duo Support to submit a feature request for workstation unlock without 2FA.


#5

Yeah, This is really annoying. Currently once the windows lock screen comes active (mine is set to 10 mins for better security) and then all we see is a grey screen and the windows power options (windows 10) on the bottom right. It’s crazy once the lock screen is on, the only way to reconnect is to reboot the remote machine!!:roll_eyes::disappointed:


#6

@duocommuser1

This doesn’t sound like the expected behavior at all! Please contact Duo Support about this.


#7

It’s actually worse. Nothing to do with the timeout at all. After an rdp connection is established, even within 5 mins or so (being inactive) , if you just want to get back to the already established session , all you see is a grey screen and a power /restart button of windows on the right bottom. we’ve already created a ticket and send a note to them. No one seemed to care, because it’s a free account. We’ve few businesses that we run, and wanted to check and see what kind of support they provide first to resolve real issues.


#9

Hey Tony,
I looked into your support history and it looks like all of your cases have either been successfully resolved or are waiting for your response on some additional troubleshooting steps. If that’s not the case, please do follow up with our Support Team so they can help drive your cases to a better resolution.

Researching this further, it is possible the computer is configured to disable the network adapter to save power. Please read this Duo Knowledge Base article for steps to resolve that potential issue: https://help.duo.com/s/article/4201.

Can you also share which version of Windows you’re running?


#10

I mean, no one is asking for the application logs, or someone who can connect directly and see whats’ going on, on the support. Even emails I get from support, you can’t reply (noreply). No the connection is fine. It’s not disconnecting from the computer. It’s connected, but it doesn’t present a lock out screen or login screen or just connect (I even took the windows lock timeout off).


#11

Hi Tony,
Responses from our Support Team members do come from support@duo.com and can be replied to as-is. Our automated initial response and reminder emails do come from a no-reply address, but if you would like to also respond to these as well, you can simply replace the no-reply address with support@duo.com.

Please review the troubleshooting suggestion in your currently open case and reply to Support if it does not resolve your issue. You are correct that we do not offer screenshare, phone call, or chat support for Duo Free customers, but we do offer best-effort email support. Thanks!