What are your key selling points to steer customers to Duo from MS MFA


Curious to hear what you (as MSP’s) are talking about to your customers who give you the “it’s included with our MS agreement” line and how you explain the benefits of DUO over MS MFA?

We come up against this a lot, and cost always seems to be the driver, that or it “seems” simpler to go with Microsoft.


My org is in the middle of a transition away from Duo and to MS MFA. We’re an end-user, not an MSP.

I like Duo, but like you said, the main driver is cost and the other benefit we see is the passwordless functionality that is integrated with the MS solution.

The biggest downside of this switch that I’ve experienced so far is the lack of integrations. Duo integrated easily with everything; MS not so much. They used to offer MFA Server, but they are deprecating it. Luckily for us most of our auth is directly tied to Azure AD, so it isn’t a showstopper; integration with our on-prem VPN has been the biggest challenge.

I chose Duo instead of MS MFA because Duo integrates with everything: Duo Admin Console, Microsoft 365, Windows RDS, Facebook, Google, 3rd Party 2FA, many, many more. I rather have one MFA product than multiple MFA products.

This is a tricky one. I find it can largely depend on what the customer already has in terms of their MS Licensing. If they already have Azure AD P1 or one of the license models that includes most of that e.g. Microsoft 365 Business Premium / EM+S / etc, then it is hard to push Duo over Azure MFA. There is also the issue that in some circumstances you may need Azure Conditional Access regardless of whether you go Duo MFA or Azure MFA, in which case they are paying twice for similar functionality.

On a personal level, i find the Duo App a little more reliable than MS Authenticator. With the latter I occasionally find I have to do the pull-down option to get it to re-check for Notifications. But I am not sure that’s going to convince many IT decision makers!

All really good stuff guys!!

For us the proof is in the demo; we’ve demo’d the product one day, installed it the next and went into production on the third day. (Of course this was driven by the VPN requirements of WFH), but the simplicity and ease of management were the key selling points.
If customers are already fully in in Azure/O365 it’s a tough sell versus still onsite, and hybrid; at least in my experience.