We recently had our VMware vSpher server configured for Duo 2FA authentication in our Virtual Desktop environment. An AD security group was created and added to Duo to allow certain user accounts to bypass Duo 2FA when logging in to their VDI. This part is working correctly. We also have certain VDI that were configured to autologin to the Horizon client to access the shared VDI. The autologin credentials are specified via a VMware goup policy snap in on the Thin Client hosting the Horizon Client/VDI. After enabling 2FA none of those shared accounts will autologin. The settings are still present and the username is populated in the Horizon Client but not the password. This broke immediately after enabling Duo 2FA. Our InfoSec team is claiming this has nothing to do with Duo but is a Microsoft issue.
My question is - would it be reasonable to assume that once Duo 2FA was configured on the VM server, some security settings related to Duo no longer allow autologin to occur?
I really don’t want to be wasting my time with Microsoft just to have them tell me what I already suspect, that it is not a Microsoft issue.
Any experiences or suggestions would be appreciated! Thanks!