You can set your client devices to authenticate against Radius and configure your AuthProxy to be a radius server. AuthProxy would then do a lookup against AD to see if the primary credentials are correct then pass you off to Duo for MFA.
Radius auth...
We wrote it inhouse. You need to create a Transform file from the MSI to answer the install questions.
To Install:
@echo off
msiexec /i “\path\to\Duo\Client\Installer\DuoWindowsLogon64.msi” /qn TRANSFORMS="\path\to\Duo\Client\Installer\DuoWindowsLog...
I expect they are installed on the exchange server servicing OWA.
Keep the below in mind:
Duo’s two-factor solution for OWA 2010 reached its end of support on February 15, 2021. Microsoft Exchange 2010 reached the end of support on October 13, 2020. ...
We use this as well. It works really well and protects PCs as well as RDP sessions to servers.
You create a protected application in the duo admin portal
You install the login client on the PC to be protected
During installation you are asked for ...