Office 365 integration with DUO multiple custom domians

We have configured Office 365 integration with DUO for two custom domains. One domain is working without any issues. But the other one goes directly to Office 365 after the successful primary authentication without prompting MFA. What could be the issue? TIA.

FYI Permitted groups are not configured. We have two applications configured for two domains

You have federated Microsoft 365 with Duo SSO or Duo Access Gateway?

Is it possible the users in the other domain might be accessing M365 from clients using basic authentication or WS-Trust, which if enabled in Duo will skip 2FA?

Do the Authentication Logs for your Microsoft 365 application in the Duo Admin Panel show a reason why the users might be bypassing Duo? Perhaps their usernames aren’t enrolled in Duo and your new user policy allows unenrolled users access?

If these suggestions don’t help your best next step is to contact Duo Support for 1:1 assistance.