Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1966
Views
2
Helpful
5
Replies

Additional authentication after using Windows Hello logon

robnicholson
Level 1
Level 1

‎10-14-2022 07:28 AM

A client uses Windows 10 laptops linked to Microsoft 365/Azure for authentication. They use Windows Hello and therefore can logon and/or unlock using password, PIN, fingerprint or face. The laptop locks after 5 minutes of being idle. MFA is implemented but this only kicks in when logging into a new device/password changed etc.

This has been deemed not secure enough and they want to implement additional 2FA authentication via mobile phone. The requirement is simple - upon authenticating using Windows Hello (logon or unlock) and 24 hours has expired, require an additional authentication step via their mobile phone.

We’ve done a trial of Duo and it wasn’t ideal as it turned off Windows Hello and resorted to forcing the users to re-enter their password each time they unlocked the screen. Feedback was that this really was too user-unfriendly.

Anyone know why Duo can’t work in conjunction with Windows Hello?

1 person had this problem
5 Replies 5

mrfrundles
Level 1
Level 1

‎10-14-2022 11:58 AM

NAA (not an answer)

11:57 AM Friday, October 14, 2022
+Can second this, issue is legit

0 Helpful

robnicholson
Level 1
Level 1
In response to mrfrundles

‎10-17-2022 03:59 AM

I assume that an answer was deleted as this doesn’t make sense

0 Helpful

mrfrundles
Level 1
Level 1
In response to robnicholson

‎10-17-2022 09:11 AM

Hi, Rob! Not, I meant that my comment was itself not an answer, resolution, workaround, presecription, or suggestion.
I was saying that I agree with you, that this issue exists.

=)

crhoades
Level 1
Level 1

‎10-24-2024 11:28 AM

This issue really need resolved before we go all in with DUO. The idea is to have better security without making it harder on the users that are already complaining about password length and complexity.

I have spoken with DUO support and the last I heard it still was not on the feature list to be implemented any time soon.

If they don't have a resolution soon we will go to SDO. https://doubleoctopus.com/

 

 

 

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to crhoades

‎10-25-2024 07:38 AM

This upcoming feature may address your issues: https://duo.com/blog/announcing-passwordless-authentication-for-windows-logon

While it does not integrate with Windows Hello, it does reduce password entry and perform out-of-band 2FA.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Top