Duo uses push notifications, time-based, one-time passwords, physical tokens and biometrics to verify the identity of users at login. Similarly, Microsoft Authenticator uses push notifications, one-time passcodes, and biometrics for authentication and can integrate with Microsoft 365 and Azure Active Directory. While both 2FA options share some similarities, there are still key differences that can sway your decision to choose one over the other.
Just curious as to what everyone’s using for MFA in their environments. Duo? Microsoft Authenticator? Okta? A jumble of different solutions depending on which system needed to be covered at the time and with no additional budget?
Big fan of Duo. It integrates easily with almost everything. The only limitation we’ve had is with the Microsoft Partner Portal — it requires their authenticator.
Currently Okta + Okta Verify. In a previous job where we were all-in on Microsoft, we used Authenticator but were starting to implement Duo because of it’s wide reach and ease of setup. Like someone else said, Duo was able to do MFA for RDP at the time when Authenticator couldn’t.
We went all in with MS for SSO because we were already paying for it with EM+S E3 licenses. All internal websites, external systems that allow SAML or OAuth2 integration.
Then, cyberinsurance asked for MFA for RDP. We added DUO for that, since there’s no way to get Azure MFA to work. We only give a DUO account to the less than 5% of employees that need it.
Micosoft Authenticator Configured so it reports application, shows a map with the location of the request origin, requires a two digit number to be typed.
Whole company is on an hybrid Azure AD so it’s just the better choice in our situation because of that. We use Azure Apps to integrate it and Azure AD to manage permissions.