01-09-2025 09:13 AM
Hi,
I know the answer but our client wants confirmation from Cisco. Situation is client PC with RDP/Windows Login client using MFA to login to PC. Then the client runs Edge browser to login to Office.com - This is successful with no MFA.
I've told them this is expected behaviour as it's doing pass-thru auth via Edge.
Confirmed with the same situation using Chrome or FF and it prompts for MFA every time.
They still are requesting either documentation stating this or a response here from Cisco validating this is the case.
Thanks in advance,
01-09-2025 01:42 PM
Did you enable Duo Passport for your customer to achieve the pass through MFA from Duo for Windows Logon to a Duo web app? If so, you should be able to refer them to the Passport documentation: https://duo.com/docs/passport
If you didn't enable Duo Passport, then what you describe doesn't sound entirely expected. What type of Duo config is being used to protect M365? Is it federated with Duo SSO or another identity provider like Okta or AD FS that supplies Duo MFA, or is it configured with Duo's EAM method or Azure custom control in Entra conditional access?
01-09-2025 01:46 PM
Thanks for jumping on Kristina,
No Passport. The PCs have the Windows Desktop (RDP) login app on them and MFA is set up on MS ADFS.
01-13-2025 06:03 AM
Hm, I think you might want to look to Microsoft documentation for support of Edge pass-through behavior that causes it to skip primary and MFA (I guess through an access token)? Maybe in here: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-identity.