Trying to complete installation of Azure AD Connect and call to DUO for global

DorkSkyBlues · ‎12-07-2020

Something is cancelling my authentication to Azure AD via DUO MFA after entering account username of Azure AD global administrator. I should get a pop up window from DUO to enter username and password, but instead I get a window that appears to open and closes and a message “Authentication request was cancelled. Learn More” in the AAD Connect application. I believe it is a Windows Server 2019 or AADCONNECT issue but am investigating DUO MFA also.

Troubleshooting Azure AD connectivity via logging into login.microsoftonline.com, microsoft365 and portal.azure.com shows connectivity as does entering an invoke-webrequest -uri adminwebservice.microsoftonline.com/ProvisioningService.svc in powershell returns a 200 or OK status.

Nothing shows up in the event logs on the server. Windows Firewall being disabled shows no effect.

DuoKristina · ‎02-05-2021

What Duo application are you using? What’s the “pop up window from Duo” you’re referring to in your description of the issue?

If you are using Duo’s custom conditional access control for Azure AD, then Duo never prompts for or handles the Azure credentials, and is only invoked after Azure accepts and verifies the primary AAD credential.

If you have federated Office 365/Azure with Duo Access Gateway (DAG), then after entering your Azure username on the Microsoft login page you would be redirected to your DAG login page. Is that what you mean? If you use browser developer tools to watch the network output, are you in fact redirected to the DAG login URL or does Azure show the auth cancelled message before that can happen?

Are you a Microsoft CSP partner that also had the Azure MFA requirement enabled for admins?

Duo, not DUO.