Problem: Recently setup a new PC for vulnerable mother-in-law. We use the Duo Authentication when she logs onto her old PC (Push goes to my wife's phone) as on of many layers of security to stop her getting scammed. i.e scammers used to phone her up to get remote control of her PC. This along with Parental Controls has kept them at bay.

However I'm setting up a new PC for her and the Duo Authentication on the new Win 11 PC is not working as expected. After setting up the PC with a local admin account and then logging her in with her Microsoft Account (M365 Family subscription so we can also have those controls in place too). After that I logged back in with local Admin account and installed Duo Authentication. Following that there is no option for her to log on (Switch User etc) and only the Local Admin account is displayed for logon (for which the Push authentication works). I've checked the aliases match her Microsoft Account in my Duo account and all should be working.

The only way I can get it to work is by setting the local policy 'Forget Last Logged On User' and then DUO Auth works for local admin and her Microsoft Account. That's not ideal as it makes it more complicated for her to logon (i.e typing in an email address and complex password) rather than just entering her Windows Account PIN to log on (and then obviously DUO Auth).

Any ideas anyone?

Thanks