Hi, I see that Microsoft will be forcing MFA for Azure, 365, etc. and We use Duo, how can we insure that Duo is accepted as an MFA platform over Authenticator? I am concerned that we will not have access to our products after MFA is forced even though we use it. Thanks in advance

Hello @Bob James , Thank you for posting your query on Microsoft Q&A. From your description, I understand that you’re referring to the recent announcement about MFA enforcement, particularly the mandatory multifactor authentication for Azure and other administration portals starting on October 15, 2024. You’re asking whether this enforcement will support third-party MFA providers like DUO. If you’re using a third-party MFA provider (DUO) for second-factor authentication and have configured it through the Conditional Access Custom Controls preview, it will not satisfy the new MFA requirements. To continue using your external solution with Microsoft Entra ID, you should migrate to the External Authentication Methods (EAM) preview . If your DUO MFA is already configured through the External Authentication Methods preview, it will support the upcoming MFA enforcement requirements. Additional Resources: For more information, please refer to the following articles. Planning for mandatory multifactor authentication for Azure and other administration portals Manage an external authentication method in Microsoft Entra ID (Preview) I hope this information is helpful. Please feel free to reach out if you have any further questions. If the answer is helpful, please click " Accept Answer " and kindly upvote it. If you have extra questions about this answer, please click " Comment ". Thanks, Raja Pothuraju.

Mandatory MFA using Duo - Microsoft Q&A

Accepted answer

Raja Pothuraju 7,990 Reputation points Microsoft Vendor

2024-08-20T16:52:00.4766667+00:00

Hello @Bob James,

Thank you for posting your query on Microsoft Q&A.

From your description, I understand that you’re referring to the recent announcement about MFA enforcement, particularly the mandatory multifactor authentication for Azure and other administration portals starting on October 15, 2024. You’re asking whether this enforcement will support third-party MFA providers like DUO.

If you’re using a third-party MFA provider (DUO) for second-factor authentication and have configured it through the Conditional Access Custom Controls preview, it will not satisfy the new MFA requirements. To continue using your external solution with Microsoft Entra ID, you should migrate to the External Authentication Methods (EAM) preview.

If your DUO MFA is already configured through the External Authentication Methods preview, it will support the upcoming MFA enforcement requirements.

Additional Resources:

For more information, please refer to the following articles.

Planning for mandatory multifactor authentication for Azure and other administration portals

Manage an external authentication method in Microsoft Entra ID (Preview)

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.
Please sign in to rate this answer.

2 people found this answer helpful.
Bob James 31 Reputation points

2024-08-20T16:55:44.5566667+00:00

Thank you, We already have Duo setup for the Azure portal and 365, Do I need to add Entra External Authentication as well?

Raja Pothuraju 7,990 Reputation points Microsoft Vendor

2024-08-20T17:42:50.7766667+00:00

Hello @Bob James,

Thank you for your quick response.

I see that you already have DUO set up in your tenant and are requiring MFA for Azure Portals. You’ll need to verify how your DUO configuration is set up in your tenant—whether it’s configured through Custom Controls (Preview) or External Authentication Methods (Preview).

Please refer to the screenshot below for guidance on verifying the configuration.

If your DUO MFA is set up through Custom Controls (Preview), you can find it under Entra ID > Security > Conditional Access > Custom Controls (Preview).

If your DUO MFA is set up through External Authentication Methods (EAM) Preview, it will be visible under Entra ID > Security > Authentication Methods > Policies > External (Preview).

Please verify your setup. If it’s not configured under the External Authentication Methods blade, refer to the following document for instructions on setting up your MFA, and contact DUO support for the required details.

Manage an external authentication method in Microsoft Entra ID (Preview)

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.

Bob James 31 Reputation points

2024-08-20T18:06:47.9033333+00:00

Thnak you I think I've got it now; we are federated using Duo for MFA, but we have some non-federated accounts that will need to be setup in Entra EAM.

Raja Pothuraju 7,990 Reputation points Microsoft Vendor

2024-08-20T18:18:31.31+00:00

@Bob James ,

That's great! Please let me know if you need anything else.

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Xenia-MSFT 2,670 Reputation points Microsoft Vendor

2024-09-13T01:28:57.0433333+00:00

Thanks for your sharing.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Mandatory MFA using Duo

0 additional answers

Your answer