Elevated privileges protection

Hello we are currently using MFA DUO solution and we would like to know if somehow one of your different product/strategy could help us with the following need

We need to protect privileged access to mitigate the risks of such access be used by an unauthorized source. Right now with the way DUO is set up, if our network is breached (always assume the hackers are already in), DUO at the workstation level is not going to prevent a hacker from using someone’s credential for example to do harm. We need to make sure every time a user elevated privileged is used, it’s indeed the user it pretends to be.

Is there a way to meet that requirement with your products

Duo Authentication for Windows Logon added protection for UAC elevation in version 4.1.0.

Duo Unix PAM can require 2FA on su and sudo commands.

Is that what you were thinking of with regard to elevated privileges, or something else?