Hi @DES, thanks for sharing your question with us. I noticed you had a support case open about this issue, and it looks as though you received the answer you needed. I just wanted to share it here with the community as well in case it helps someone else with a similar question.
I understand you are rolling out Duo to your remote users, and new SSL VPN users who have not authenticated before via Windows Logon and RDP are not receiving an authentication request when logging into the VPN. Windows RDP and Fortinet SSL VPN are two different integrations, so the new VPN users don’t need to authenticate through Windows RDP. However, these users need to be enrolled before accessing the VPN. Please ensure that these users are imported from Active Directory and complete Duo Mobile activation.