Securing Office 365 - Options?


Hello everyone,
I’m hoping to get opinions & options here. I’m working on securing Office 365 using DUO MFA, but it seems it may be a bit more work and cost more than what I was originally thinking.

Are there only three options to secure Office 365 using DUO MFA and / or am I misunderstanding the article?

My understanding:

DUO Access Gateway – SSO
* Requires Server in DMZ

* Requires Server (in DMZ?)

Azure Active Directory
* Premium P1 $6 per user / per month
* DUO MFA $3 per user / per month


There are some other SSO IDP options that support or include Duo MFA, like…

CAS - requires on-prem server
Shibboleth - requires on-prem server
Okta - must subscribe to Okta and Duo
OneLogin - must subscribe to OneLogin and Duo

But O365 MFA protection is essentially going to be one of three choices:

  1. via SSO (and Duo works with many SSO IdPs)
  2. One of Azure’s natively-supported providers (of which Duo is one)
  3. User managed OTP codes (which can be done with Duo Mobile)