MFA on other customers AD

Completely new to duo.

Here’s my use case that I’m trying to protect. We manage an application that has its own AD structure for our customers. Completely separate AD from both the customer side and our side.

Both the customers and our employees log into these systems via Remote Desktop to provide support to the customers. Can I install duo on all of these separate ADs and only have it do two factor on MFA on just our users?

Is this a permitted use, license wise?

I don’t see why not, it appears (Haven’t setup) the AD calls are made from the RDP server you are connecting to (local to the AD), so as long as the accounts are there and the server can reference them it should work.