Is it possible to roll out protection for all endpoints but only prompt for Duo when users login with an admin account? (domain admin, IT support desk, etc…)?
I think you can accomplish what you’re after using Duo Group Policy, depending on which edition of Duo you are using today. You’ll need to be on at least Duo MFA edition to make use of Policy Enforcement. Please refer to our documentation for Duo Authentication for Windows Logon (RDP) Active Directory Group Policy here.
You can set up a Group Policy for the roles you would like to prompt for Duo 2FA while bypassing all other users. Read how to do that in the help article here: https://help.duo.com/s/article/3888
Thank you! That’s exactly what I needed.