What Duo application are you using? What’s the “pop up window from Duo” you’re referring to in your description of the issue?
If you are using Duo’s custom conditional access control for Azure AD, then Duo never prompts for or handles the Azure credentials, and is only invoked after Azure accepts and verifies the primary AAD credential.
If you have federated Office 365/Azure with Duo Access Gateway (DAG), then after entering your Azure username on the Microsoft login page you would be redirected to your DAG login page. Is that what you mean? If you use browser developer tools to watch the network output, are you in fact redirected to the DAG login URL or does Azure show the auth cancelled message before that can happen?
Are you a Microsoft CSP partner that also had the Azure MFA requirement enabled for admins?