Forgive me if I am not articulating this clearly, but is it possible to differentiate an Office 365 web portal login verse a local Office app login and use differing policies?
Did you try the conditional access client apps condition? It looks like it distinguishes between “Browser” and “Mobile apps and desktop clients”.
Thank you but I’m more interested in whether Duo can make this distinction, not Azure.
No, Duo isn’t going to analyze the client info to make a determination, other than what we can already do with our policy settings (i.e. check for OS version, browser version, user location, etc.).
Azure has more specific client rules to determine whether it redirects to Duo for the custom control in the first place or not.