Policy & Access Control

DUO + Apple MacOS Sequoia - Firewall is not enabled but it is

Having an issue with DUO desktop, think its related to the MacOS beta for Sequoia. Any idea when this will be updated?https://developer.apple.com/documentation/macos-release-notes/macos-15-release-notesApplication FirewallDeprecationsApplication Fire...

Resolved! Operating System policy - Android 15

In my Global Policy, I have an Operating system setting:Allow Android devices:Encourage users to update if less than the latest.Encourage to update: after 30 days.Block versions: if less than the latest.Block: after 60 days.The problem I'm having is ...

The password on this account cannot be changed at this time

When a users password expires and they are prompted at logon to change it they are receiving "The password on this account cannot be changed at this time". This only happens with Duo users, if the user is put into bypass they are allowed to change th...

CJI new MFA compliancy

I just wanted to know if there were other organizations that are facing similar issues with the MFA requirement for CJI assessing devices. https://www.police1.com/cybersecurity/3-ways-to-meet-the-new-cjis-mfa-requirementsWe have a department trying t...

Remember me - Checkbox Ticked by Default?

We have many staff members logging in to Duo, and many don’t remember they need to select the “Remember me for 4 hours” button. It would be great if this was on by default.

Authentication Method (Block countries)

Is there a way to block countries using the authentication method? For example I am able to block countries if the device IP shows in a country (that is not US, Canada, or India), but I want to block if the device IP is in say, the US, Canada, or In...

Resolved! Protecting RDP - Hardware Token without Automatic Phone Call

I'm protecting RDP in my office and some users are using hardware tokens, the rest use Duo Mobile. For the users with tokens, I'm trying to set them up to use phone call authentication in the event they leave their token at home. I have everything ...

Resolved! DUO Custom Policy Question

I am trying to create a policy so when admin accounts login to a windows computer, since they have elevated privileges, MFA is required, but when all other users login, it's not required. We already have them required to login over VPN. When I create...

Risk Based Profile - Details

Hi, I was wondering if someone can explain the Risk based profile acceptance (allowed) and timeframe; I'll explain, in doing Immpossible travel testing the first time I dit it was testing from a VPN through Norway after just logging in from Canada....

MFA twice to MFA once per laptop location

Morning All:I am deploying laptops with MFA to log into the laptop as a security protection. I want to remove the current need to MFA into the Remote Server. Primarily this causes frustration on the part of the end user. I am unable to locate a se...

trusted endpoint using guid

Hi All, Needs to configure trusted endpoint on windows/mac os user machine using guid. Can anyone know how to do it or share any relevant document

Resolved! Duo Device Health - Port Allocation Fails Silently

Hi team, the Duo Device Health application (v2.14.0) on Windows 10 Enterprise (10.0.19042.1110) might fail to allocate the listening TCP port in the range 5310x if Hyper-V (and perhaps Docker) is installed - with no indication that anything has faile...

Resolved! Remembered Devices Policy> Add Trusted Networks

I'm searching for details on how adding trusted networks to the remembered devices policy will affect the authentication process. Does it disable mfa when on these networks? It says "always allow authentications on remembered devices", and I'm just...

DUO MFA for ASA Admin/management

We have an old Cisco ASA (5508) which has Duo configured for AnyConnect VPN, but using local accounts ONLY for Admin/Management. We are moving to a new FirePower device (in ASA mode) and want to enable some sort of SSO or MFA for Administrators using...

RDP via Network Gateway - multiple Gateways?

We have multiple, disconnected networks where we have the DNG installed. We’ve been using the RDP functionality for a while in beta and want to expand it to other networks now that it’s in GA. But I don’t see a way to add another gateway to the Heal...

Policy & Access Control

Forum Posts

DUO + Apple MacOS Sequoia - Firewall is not enabled but it is

Resolved! Operating System policy - Android 15

The password on this account cannot be changed at this time

CJI new MFA compliancy

Remember me - Checkbox Ticked by Default?

Authentication Method (Block countries)

Resolved! Protecting RDP - Hardware Token without Automatic Phone Call

Resolved! DUO Custom Policy Question

Risk Based Profile - Details

MFA twice to MFA once per laptop location

trusted endpoint using guid

Resolved! Duo Device Health - Port Allocation Fails Silently

Resolved! Remembered Devices Policy> Add Trusted Networks

DUO MFA for ASA Admin/management

RDP via Network Gateway - multiple Gateways?

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Risk Based Profile - Details

Local admin account with duo

Trust Assessment Factors

Report source IP from Kemp Loadbalancer

Trusted Endpoint for Linux

Operating System policy - Android 15

Protecting RDP - Hardware Token without Automatic Phone Call

DUO Custom Policy Question

Remembered Devices Policy> Add Trusted Networks

Cisco ISE an DUO Radius Attributes back to ISE