We’re just getting our feet wet on the platform and one thing I’m confused about is how to handle the process of enrolling new users when the only thing we’re currently protecting is Windows Login (aka Microsoft RDP).
We have scripts so that when a user is added to Active Directory, they will get automatically synced to Duo as a bypass user. After 2 weeks, they are converted to a regular user. This is done because there is no self service enrollment with Microsoft RDP and if they weren’t set as a bypass, they wouldn’t be able to log in.
It appears when a user is set as bypass, they also are not able to enroll.
Are we missing something?