So in testing Duo for my test tenant, I imported accounts via Azure Directory Sync. That went great.
I created a Duo protected application for my M365 cloud apps. Worked great.
So I noticed that I now have duplicate names. I see in some other posts that “username normalization” will cause this but I am not really sure which accounts I should delete.
The account that was spontaneously created works and the dir sync account shows as never authenticated. The “never authenticated” has all the relevant account info like email, first\last name etc.
So I need to enforce users using their sync’d account and not have Duo create a new account.
Do I simply turn off username normalization, delete the newly created account and have the sync’d account perform a new enrollment?
I wish there was a “merge” feature and an admin could choose which account was to be deleted etc.