We have noticed that some users have not been able to get past the Duo Authentication screen after the Windows GINA.
This has been due to time drifting on the endpoints preventing secondary authentication to work.
Luckily we are able to get to the command prompt remotely and issue the time command to set the clock with the right time.
Most times the solution seems to be setting up a Domain Controller as an NTP server and the laptops set up as NTP clients via Group Policy.
This will work where the laptop has VPN capabilities.
However not every laptop user has this feature and everyone is currently WFH.
Can I ask how others have tackled the time sync issue please?