we’re using Cisco Duo within our ADFS Farm (Windows 2019). We’re federating with O365 and requiring MFA for external Access. As long as a usermailbox is located on on-prem Exchange there’s no problem. If the user has a cloud mailbox Outlook keeps asking for password on profile/account generation. I’ve read through this artikel here: Knowledge Base | Duo Security but even if I configure the mentioned additional authentication rule " Example custom rule to globally disable 2FA on ActiveSync and Autodiscover endpoints while requiring 2FA for all other connection types" it won’t work. As soon as I disable MFA for external access the Outlook profile generation works as expected. Using Outlook 2013 or Outlook 2016 doesn’t make a difference.
Anyone here who has solved this?