06-26-2020 03:02 PM
So i have deployed Duo RDP for users workstations. I was under the impression that by default, users would need to re-authenticate every time they login to their workstation. This we deployed Monday and users have only had to re-authenticate on monday and haven’t had to since. I found a setting in Globabl policies to allowe users to remember their device which I just now set for 1 day, but not sure if this is the right spot to make the change. I would like users to have to re-authenticate every time the login to Windows.
07-06-2020 06:39 PM
Did you get any answer for this?
07-06-2020 07:52 PM
I have received no response since ticket submittal that I’m aware of.
07-08-2020 01:03 PM
This is how the Duo for Windows Logon application is intended to work. The “Remembered Devices” policy setting applies to applications where you see Duo’s interactive prompt in a web browser, and doesn’t skip authentication for Duo Windows Logon.
There are a few reasons why users might not be prompted for Duo MFA at login. Is it possible that the user workstations no longer can reach Duo’s service, so they are failing open? Or, do you have your new user policy or authentication policy set in such a way that the users bypass Duo auth? Did you define an authorized networks policy?
I suggest you take a look at the debug logs for the Duo Windows Logon application to see if they shed some light on what is happening.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide