I have rolled out Duo to about 40 users so for and all have completed the Duo enrollment.
When offsite, I expected them to have to go through the Duo authentication when using Outlook. This appears not to be the case. OWA goes through the Duo authentication process but using the full Outlook client, which was previously setup, there is not Duo requirement.
Is this because Outlook was previously setup? (O365 Outlook, current version)
On a probably related note, the Authentication Log doesn’t show any accesses at all - just the new enrollment messages. I would expect it to show something when using Outlook even on a previously configured device.