Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
917
Views
2
Helpful
9
Replies

Integrating with Microsoft office 365

Vishal6
Level 1
Level 1

‎08-06-2024 11:00 AM

Hello All

Following below guide to integrate Cisco Duo with Microsoft office 365. Need to confirm if Azure Ad is mandatory to complete the integration.

https://duo.com/docs/sso-m365

0 Helpful
9 Replies 9

DuoKristina
Cisco Employee
Cisco Employee

‎08-06-2024 11:55 AM

It is, but not as a separate P1/P2 subscription. A free Entra ID (Azure AD) directory is the foundation of every M365 subscription, with other licensing bundles like E3/E5 orMicrosoft 365 Business Premium bumping the tier for Entra ID up.

https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing#:~:text=Microsoft%20Entra%20ID%20Free%20is,Microsoft%20Azure%20and%20Microsoft%20365.

Duo, not DUO.
0 Helpful

Vishal6
Level 1
Level 1

‎08-08-2024 11:09 PM

hello

Thank you for your response.

One more question, currently mfa is set for remote access vpn and machine login. For this microsoft 365 integration we would need to configure duo sso and do the desire configuration in auth proxy file. So configuring sso would impact current mfa setup for  remote access vpn and machine login ?

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to Vishal6

‎08-12-2024 10:38 AM

I'm not totally sure I understand your question.

When you federate an Entra ID/M365 custom domain with an external identity provider, be it Duo SSO or any other, all logins for any applications using Entra ID sign-in for users in that federated domain will get redirected to the identity provider. So, if you are using an Entra ID login for VPN and machine login, it would be affected if you were to federate the existing M365 tenant custom domain with Duo SSO.

If you are saying you are already using other Duo MFA configurations, like RADIUS for VPN login, or Duo for Windows Login for machine login, and are wondering if they would be affected by federating M365 with Duo SSO, typically they are not. If you already have a server running Duo Authentication Proxy with your RADIUS config you can add the SSO config to that same server's authproxy.cfg. For Windows Logon, you could have issues if the workstations are joined to an Entra ID domain and you log into the workstations with Entra ID credentials. 

Duo, not DUO.
0 Helpful

Vishal6
Level 1
Level 1
In response to DuoKristina

‎08-12-2024 11:59 AM

Thank you for your response.

My domain would be same whether on entra I'd or on premise Ad. Also user login on machine using Ad credentials and not entra I'd credentials.

Does configuring SSO with on premise Ad and making it communication with Entra I'd for Microsoft 365 application, make duplicate entry of users on duo portal i.e one user from Ad and another from Entra I'd.

0 Helpful

Vishal6
Level 1
Level 1

‎08-09-2024 12:09 AM

As per client they have no such/not using azure ad at microsoft offce 365. Is it possible to integrate in such scenerio.

0 Helpful

Vishal6
Level 1
Level 1

‎08-10-2024 01:11 AM

pls help

0 Helpful

talhazafer010
Level 1
Level 1

‎08-12-2024 10:56 AM

I’m currently working on integrating Cisco Duo with Microsoft Office 365 as well, and I’m following the same guide mentioned earlier. I’m trying to confirm if Azure AD (Entra ID) is mandatory for completing the integration. My client is also not using Azure AD within their Office 365 setup, so I’m curious if there’s a way to proceed without it or if there are any alternative solutions.

Any guidance or suggestions would be greatly appreciated!

Thanks in advance!

DuoKristina
Cisco Employee
Cisco Employee
In response to talhazafer010

‎08-13-2024 01:50 PM

@talhazafer010  Everyone who uses Office 365 is using Entra ID (Azure AD) underneath it. IIRC not all Office 365 subscriptions include federation support for the underlying directory though (and I mean "Office 365" and not "Microsoft 365" here). Microsoft can confirm if your subscription (and your client's subscription) includes support for SAML federation.

@Vishal6 "Does configuring SSO with on premise Ad and making it communication with Entra I'd for Microsoft 365 application, make duplicate entry of users on duo portal i.e one user from Ad and another from Entra I'd" it could if your usernames don't match between AD and Entra ID. Are you syncing users between your on-prem AD and Entra with Entra Connect (https://learn.microsoft.com/en-us/entra/architecture/sync-directory)? Are you currently syncing users into Duo using our AD Sync (https://duo.com/docs/adsync)? We have a guide for switching from Duo AD sync to Duo Entra ID sync here: https://help.duo.com/s/article/5539?language=en_US. Ideally you choose one of those services to be your source of truth for users in Duo.

Duo, not DUO.

talhazafer010
Level 1
Level 1
In response to DuoKristina

‎08-16-2024 08:25 PM

Hey Kristina, Thank you so much for help

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents