i’m planning on installing duo for windows logon on my 2x production session hosts as a test of the duo product. i don’t have the luxury of a test env. and am hoping to test MFA on a pilot group of users. can this be done? looking at the global policy, it looks like i am able to allow all production users to bypass duo mfa auth while users in my pilot AD sec grp can be added to the policy to test this function. would this be correct?
Yes, you can absolutely test with a group of users using Duo Policy! You’ll want to start with the New User Policy, which controls authentication for users not enrolled in Duo, and Authentication Policy (formerly Group Access Policy) to change how both existing Duo users and unenrolled/new users access a Duo-protected application. If you’re interested in doing a phased rollout, this can also be achieved with policy, specifically using Group Policy.
You might find Duo Level Up beneficial, as well. It’s our customer education platform currently in beta that offers a variety of courses and two certification tracks, with more being added. It covers topics such as this, and we are working on a Policy course as we speak! Sign up for Level Up here if you like.