Duo uses push notifications, time-based, one-time passwords, physical tokens and biometrics to verify the identity of users at login. Similarly, Microsoft Authenticator uses push notifications, one-time passcodes, and biometrics for authentication and can integrate with Microsoft 365 and Azure Active Directory. While both 2FA options share some similarities, there are still key differences that can sway your decision to choose one over the other.
We went all in with MS for SSO because we were already paying for it with EM+S E3 licenses. All internal websites, external systems that allow SAML or OAuth2 integration.
Then, cyberinsurance asked for MFA for RDP. We added DUO for that, since there’s no way to get Azure MFA to work. We only give a DUO account to the less than 5% of employees that need it.