Cisco Duo Reviews

I am an IT system support person, and my use cases with Cisco Duo started out with helping clients at my firm and the firms my contracting agencies had by teaching them how to set up Cisco Duo and understand how to use it. Eventually, some of the systems I have access to on my own, usually the corporate systems and employee portals, were Cisco Duo-protected. It has been a split between using Cisco Duo and Microsoft Authenticator, depending on how the MFA has been set up. I started out as IT support, helping people install Cisco Duo on their Android and Apple devices, and I believe they actually had a computer client. Eventually, I had to use it in my own work to authenticate and gain access to the systems I support. Moreover, I have seen a lot of it used to access employee portals, either by end-user employees or my own employee portals.

My last access to Cisco Duo involved helping people either activate their Cisco Duo accounts on their individual Apple or Android devices, or if they were locked out, unlock their accounts or move them over to a new device.

The features I use in Cisco Duo include Duo Pushes to confirm my identity to the device, and eventually as MFA security was increased, I actually had to use exchange passcodes. Sometimes, I have to go into the site and get into Cisco Duo to retrieve the passcode, and many of them have been two-factor, where the sites send a passcode that I have to enter into Cisco Duo. It has been more of the latter.

I have not seen issues with lagging or crashing on Cisco Duo's end; it was usually on the client end, often because someone set up a bad upgrade or there were connection issues with the Cisco Duo cloud through the administrative site.

As support, I do not find it an issue with Cisco Duo product itself; it is more an issue of organization administration. Often, people do not receive expiration messages, and sometimes, for security reasons, accounts get disabled without notifying the end user, so they mistakenly think something has gone wrong when it really just needs to be re-enabled on the external system. It is primarily an issue on the administrative side of the firm I am working for.

I am familiar with Cisco Duo and have probably been using it since around 2020.

Cisco Duo seems very scalable. In my experience, I started with a small-medium business, and in my last contracting position, it was a large one for a major worldwide airline that had hundreds of thousands of devices that could use Cisco Duo, and it scaled very well. The administrative site was also very easy to navigate for locating people and devices. I also have a background in computer asset management, so I have the skill set to locate device records easily.

In terms of quality and speed of support for Cisco Duo, I find it just as fine as any other Cisco product. It is simpler at the endpoint; there is much less involved in calling technical support to resolve issues compared to other Cisco products. I have also dealt with firewalls and VPNs, and I can say that Cisco Duo administration is much less involved than other Cisco areas. I would rate support for Cisco Duo a 10, as I have never had a negative experience.

Positive

My experience with MFA is primarily Cisco Duo and Microsoft Authenticator, and I have used them both similarly, either as pushes for allow or deny or as stronger MFA requirements such as exchanging passcodes. From my experience, Cisco Duo seems a lot easier to install and operate. In helping add accounts to either my devices or to the devices of the people I am supporting, both systems work well. I can get passcodes or utilize QR codes. One thing I noticed about my current firm is their initial hesitation to consider QR code exchange secure, but eventually, it was re-enabled to reduce support times. As an administrator, I have done both, pushing activation to pre-installed devices already registered to a system or actually sending people a QR code to their email, and both methods worked fine with personal and corporate email.

The setup of Cisco Duo is easy. Most of the time, the setup took me walking the end user through the installation over the phone, but if they understood how to get to their App Store or Play Store, it takes probably under two minutes. Most of it depends on wide area network or internet speed; activating directly on a client device versus sending an activation email makes a difference. If it is all set up and requires only sending an activation code message, it is about a minute. Cisco Duo installs very quickly on Android and Apple devices, provided the Wi-Fi connection is good.

From what I was involved in with Cisco Duo, we actually conducted Cisco Duo pushes through the management systems, enabling that through MDMs, the Bomgar. I found it pretty easy to grab the latest version of the Cisco Duo installer to update the packages on our management systems. I do not remember having any problems; it is one of the easier applets to package or to already find packaged.

I am currently between jobs or contracts, but I believe for the MFA administrator, it would help if they set up the filters for gathering the data. Cisco Duo seems very scalable. In my experience, I started with a small-medium business, and in my last contracting position, it was a large one for a major worldwide airline that had hundreds of thousands of devices that could use Cisco Duo, and it scaled very well. The administrative site was also very easy to navigate for locating people and devices. I also have a background in computer asset management, so I have the skill set to locate device records easily. I have given this review an overall rating of 10.

We are a tax consulting firm, so we help people file their tax, we help with payroll and all those things. We keep people's confidential information, so security was a critical thing for us and we wanted to make sure that people's data that they trust us with are safe with us. Security was a concern and that's why we implemented Cisco Duo. There were a lot of other security things that we have implemented down the line since, for the past two years, a lot in Microsoft Defender, Cisco is one of them, application control. A lot has been rolled out in recent times and Cisco Duo is one of those.

Cisco Duo just works. The solution is great. We use it to log in to computers. When users are putting in their password, they are prompted for Cisco Duo authentication, and then based on the one they choose, either SMS passcode, Duo push, or call, they accept the push or the authentication prompt and then they are in. What I appreciate about it is that it works. Since we onboarded it, since we started using Cisco Duo, we have never had any operational glitch. There was only a case where we received an email that a particular device was running a version that would soon stop working and it was on a Mac. I reached out to them because when I got the email, I needed to follow up and they quickly assisted me and showed me what to do from the portal. We have not had any challenge. That is one thing I appreciate about them; it is always running. We have never had any glitch or situation where people are unable to get into their laptop because it is a little bit delicate in the sense that people may log in with their password and then if they don't have their phone, because the phone is the mode of authentication. If you don't have your phone with you, you could be logged out of your computer. However, they have a way around it, which is a good thing. The way around it is that you can do bypass. So they have a solution for every issue that may arise.

Cisco Duo's pricing is cheap. Cheap is relative, but I would say it is way less compared to Okta, its direct competitor. The price point is really good for small and medium-sized companies. For more established larger organizations that don't care about cost, they can always go for Okta.

One issue I see is when the device is offline. When the device is offline, sometimes people struggle to get in. If they don't have internet access on their device and Cisco Duo push works with internet access and connectivity, it sends a push to the cell phone. If the cell phone is offline, they are not able to get in. In that case, they need to find a way to reach out to the help desk or IT for IT to bypass them or find a solution. The reason why I don't see that as a big deal is because it is the way it is designed. Everything needs internet to work. It is not the fault of the developers that the users don't have internet on their device. The only thing is, maybe if they can probably innovate that area where regardless of internet access on your device or not, you are still able to get in. Or you still get that push or however you still get the prompt on the device, on your cell phone to be able to log in. We have seen a couple of tickets where people don't have internet access, maybe someone is in airplane mode or they are in a hotel and they cannot get into the hotel WiFi on their laptop. Because of that, if they are not registered for offline access, they don't get into their laptop.

When we started, I remember if you tried to put in your password, then in a couple of seconds you would get a Cisco Duo push on your phone and then once you approved, it would take you in. I remember when we started, sometimes when the Cisco Duo push got to your phone, if you did not accept it within sixty seconds, it would ask you to repeat that process again. I think that time frame, if it can be reduced to like two minutes, would be great. I know it is for security reasons, since OTPs expire within a very short time frame. But for it to invalidate after sixty seconds, I think it is too short. Sometimes your phone might not be with you. Sometimes your phone might be in the other room and you are looking for it. So you put in your password and you are expecting to accept the prompt in sixty seconds. So if that can be maybe put to like ninety seconds or more, that could be good.

I have been using Cisco Duo for approximately two years and a few months.

For what we use, for the piece that we use, I do not see anything that is bad, to be candid. I have not spoken with anyone and I am not influenced by any interest, but it is just the reality. I am the SME for this product. I implemented the solution, so I know it inside and out and we have not had any issues. For the use case, I don't know about every other function they have, every other function such as SSO, which we did not purchase. It is a higher level license which we did not purchase. I don't know how that works. But for what we use it for, there is no negative.

I would say it is not much of a problem. That is why I didn't mention it in the beginning. The reason is because they still have a solution for that. But the way they work, I understand the product very well. So people can opt in for SMS passcode and they can opt in for Cisco Duo mobile app. So if anyone is using Cisco Duo mobile app, all they need to do to alleviate that offline problem or difficulty is they just need to set up offline access on that mobile app. Because on the app, you have the ability to set up offline access. So if you set up offline access, that means that if you try to log into your laptop and there is no internet access on the laptop, it will default to the offline mode automatically. On the laptop, it will ask you for an offline code, which you have set up on the mobile app. So in that case, you are able to generate a code on the mobile app and then log in. But the only area where that could be a problem is if the people opt not to get the mobile app. So for the people who are using, who enroll for SMS code only, they cannot get into their laptop. So that is the only thing. But then, Cisco Duo has a solution for that. So it is not much of a problem. It is only a problem if someone refuses to download the mobile app and they opt for SMS authentication only.

Scalability depends on the number of users that you have. Currently we are less than five hundred employees and our license, so if we need to increase our license, we can always reach out to Cisco Duo and they will increase our license. I remember we reached our threshold for the number of licenses we purchased last year and we had to buy more licenses. We increased. So that is scaling for me. As we grow, we requested more license and it was really smooth. After the first year, when we wanted to renew our license, we had to buy more. So that is scaling for me. And as we grow and we need to as we grow, I think it is easier for us to just scale along based on our need. So we have done that last year and it was seamless. There was no glitch, there was no issue after getting more licenses. Everything just runs smoothly.

The speed is really great. We have direct access to call. When we call them, they usually pick up and they give us insight and solutions. A lot of times, and once after the call, they send a follow-up article. And of course, they also have those articles online. Even when we did the onboarding, we had access to online documentation that are really good. I have called them several times. The last time I called them was when we received the email to upgrade the versions on the Mac devices. So they gave us help and they sent a follow-up article after the call. So they are always reachable. We have a direct line to them and when they call, they do some form of verification, ask us if we are an admin on the portal, we say it and then they send a Cisco Duo push to our device just to confirm our identity.

When we onboarded Cisco Duo, we had a choice to choose between Cisco Duo and Okta. Our IT director was the one who introduced it. When he joined, I think two years before I joined, and when I joined, I was the one who led the project. He liked Okta because he used it in his past company where he worked before and he wanted us to use Okta. He introduced it to us, but we looked at both, and the reason why we chose Cisco Duo was the price point. Cisco Duo was way cheaper and we are a small company trying to cut costs. So we had to choose Cisco Duo. When we did comparisons, I think both actually do the same thing. It is just acceptability, just as AWS versus Azure. We feel Okta has more visibility, more market share. But I have not used Okta, but I know that both do the same thing. They are competitors.

It actually was easy. Comparing with Okta, we had a call, onboarding call with Okta. They showed us the products, we appreciated it, and then the cut-off moment was the pricing. I did not try to implement Okta, but my work setting up Cisco Duo was really straightforward. We had thirty days trial period and we were on calls with the onboarding team. They helped us, walked us through the process and then I think we were able to set it up in two weeks. I started doing the testing, the enrollment, enrolled a few individuals, enrolled my test devices. The onboarding process was quite easy. We had thirty days trial so we were able to run tests before going live.

I have worked with the implementation team many times.

We were only looking at MFA. The reason why is because we first of all considered Windows Hello for Business that allows people to just log in with passwordless authentication where you just put your face and it logs them in. But our IT director felt that just one single authentication is not enough, and we want two. So that was the only thing we were looking for, not anything else. But when we started the onboarding process, I recall the Cisco Duo team trying to sell other aspects to us such as single sign-on. But we didn't feel the need for that because we already have our Azure Identity Provider. We use our Azure and we run a hybrid environment. Microsoft is already handling our authentication process in terms of identity, and they were our identity provider. So we didn't want to bring in another third party. And again, that came at an additional cost. So maybe if we had the financial means or financial buoyancy, maybe we could have looked at other features. But that was the only thing that made sense to us. We just wanted to have a second form of authentication other than the password. The Cisco Duo team trying to sell other aspects to us such as single sign-on. But we didn't feel the need for that because we already have our Azure Identity Provider. We use our Azure and we run a hybrid environment. Microsoft is already handling our authentication process in terms of identity, and they were our identity provider. So we didn't want to bring in another third party. And again, that came at an additional cost. So maybe if we had the financial means or financial buoyancy, maybe we could have looked at other features. But that was the only thing that made sense to us. We just wanted to have a second form of authentication other than the password. I would rate this review as a nine.

Cisco Duo serves as an MFA platform with various primary use cases. The first use case is remote access VPN MFA, which protects VPN access for users. Integration with Windows RDP and device admin management use cases are also configured frequently. When administrators need to access network devices, switches, firewalls, routers, and remote desktop environments, these systems are protected with MFA.

Cisco Duo is mainly an MFA platform, though Cisco positions it as much more. Once a customer has Cisco Duo, we can go into details and use all of the security assessment policies that they have, or a new solution that was recently integrated is the Identity Intelligence platform, which is a kind of ITDR focusing on identity threats monitoring and posturing. However, it all starts with the MFA.

The product is really amazing, and I think it is one of the best documentation sets I have ever seen. The development platform has improved much. However, it is really hard to position against Microsoft because a lot of customers have Microsoft or Entra ID. Microsoft sells it for free, so they have similar MFA use cases and conditional access policies, and about 90% of customers have it for free. Cisco Duo shines in environments where there are multiple identity providers being used. However, that may only be relevant for really big customers. For smaller customers or medium enterprise customers that mainly rely on Microsoft IDP, Entra, and Active Directory, we have troubles because they prefer Microsoft since it comes for free and is also a great tool.

The licensing model for Cisco Duo is really amazing because it is based on the number of users. When you buy Cisco Duo, you pay for the number of users and it does not matter how many applications you want to protect. It can be any number of web applications, any number of devices, anything. This allows us to make great deployments.

When the customer is satisfied with Cisco Duo, they can become addicted to it in a good sense because we can cover pretty much everything. I love the fact that it tries to play the role of integrating multiple identities. I think that is where they are going, and I think that makes sense.

Whenever a customer has multiple IDPs, for example, they have some LDAP servers, Active Directory, or RADIUS servers, Cisco Duo integrates it all. This is a lot harder with Microsoft or with other platforms. In general, the whole UI experience for an admin and also for users is very straightforward. They have integrated recently an AI assistant that is good. It can be better, but it helps you to configure things and to troubleshoot things. I really like the whole user experience of Cisco Duo, including the configuration experience, documentation, and support is great.

Cisco Identity Intelligence, which is part of Cisco Duo, is a great feature that performs a lot of security checks on all accounts, including machine accounts and agentic users. Depending on those checks, administrators get notifications and based on those notifications, they can act.

This is kind of a SOC CDC story. The admins managing Cisco Duo are not responsible for processing those monitoring or detections. Identity Intelligence is a great, amazing, and fantastic source of information that is absolutely relevant for the use cases that SOC CDC colleagues do for investigations that they run. They heavily rely on this and really consider it very much. They also integrate Microsoft similarly. For our managed service customers where we do SIM, CM, SOC, and CDC services kind of managed detection response, they use it a lot, so I think Identity Intelligence is a great tool.

When it comes to agentic things, we are quite at the beginning of the whole cycle. We do not see yet that big organizations really deploy those agentic agents. Of course, there are service accounts and those service accounts have been monitored, which is again a great tool. However, they are really afraid to create some AI tools that are just talking to each other because nobody has an overview about that. The organization security policy does not allow it for many customers, so it is not really a topic that we see right now. However, I think it will come at some point.

Visibility is great, and you get all the possible logs and all the possible security posture results in Cisco Duo. First of all, administrators and organizations get a lot more visibility and understanding of what is happening in their network and which identities they have.

With Cisco Identity Intelligence, you get a great overview of all possible accounts, including service accounts and user accounts. A lot of people start with the cleanup of those accounts because a lot of them are dormant, probably have been compromised, or have permissions that they do not need to have.

Cisco also has a partnership with BloodHound Enterprise, which is a great tool to discover attack paths on the active directory, which is an identity access management relevant topic. This has helped a lot. However, I must admit that we should do a better job in there because unfortunately, many customers managing Cisco Duo are firewall or network admins, and they are not really security oriented. Sometimes this teamwork is missing between those firewalling Cisco Duo management teams and the security SOC at the customer where they can really exchange information. Unfortunately, this conversation sometimes is missing, and sometimes it is just political decisions. It is really hard to affect how people work between themselves and between different teams. However, we are trying, and I think Cisco Duo has all the capabilities to improve and answer those needs. It can help a lot already to many, but it can help more. We are trying to do good work there, but people are people and unfortunately, some people do not really work the best with each other.

About 80% or a lot of phishing attacks go through email. Whenever users receive emails, those are phishing emails, and Cisco Duo does not really protect email. That is a solution that protects access to applications.

The whole email part is not covered, and I think when it comes to phishing, a lot of phishing attacks use the email vector. However, if we mean phishing attacks where attackers try to hijack MFA, Cisco Duo has done a lot of work there. For example, there are lots of features similar to conditional access in Microsoft. These include behavioral analytics, risk-based assessment, and configuration of things such as only trusted devices can be used to enter applications.

If somebody is using correct credentials to enter a website but the device is not that trusted and there is no certificate from Cisco Duo, it will be denied.

There is a great feature that is normally active by default called Bluetooth proximity. The phone, which is normally a second factor, and a laptop have to be located very close to each other. Bluetooth proximity helps against these phishing attacks, and it actually works on most devices. On Linux machines and more custom things, it is a bit harder, and there is no full support in there.

My company also uses Cisco Duo internally. We are Cisco partners, so we use a lot of Cisco products. We have all of the fancy features, like Cisco Duo Passport, which is a great tool when you authenticate once and then have single sign-on across all possible applications, across different browsers, and across different platforms. We use a lot of this, including Bluetooth proximity, and a lot of security features are configured in the background as well.

I have been using Cisco Duo for more than five years.

There are no performance issues. Cisco Duo provides 99.99% availability guarantee, which is very good.

Cisco Duo is not MSP ready by default. We had some requests from customers that wanted to make it global. For example, there was a customer located in different countries that wanted to have different admin panels, different dashboards, and completely fully isolated tenants between the countries. They wanted Austria to authenticate only in the Austrian tenant, Germany and so on. That is not possible by default. Cisco has to integrate it in the background and split it between AWS regions, but we have no overview at all of what they do. It would be great if they were fully MSP ready. That is a scalability issue, but it is possible, though not perfect.

Depending on the customer, if we have implemented Cisco Duo correctly or if my organization heavily relies on Cisco Duo, it cannot be gone in a minute because we rely on that. If we cannot have Cisco Duo anymore for some reason, we would need to migrate to another solution, and that would take a lot of effort.

There are solutions that can cover use cases of Cisco Duo, such as maybe Okta, though maybe not all of the use cases. Most of them can be covered, and the other use cases may be covered somehow elsewhere, but somewhat differently. That would be a big, massive effort to migrate from Cisco Duo.

Cisco Duo cannot be easily replaced. If you configure it correctly and it is a primary authentication source, then you federate with an IDP, for example, and you need to federate other things. The federation itself is a real, global, major change. That is a complete traffic outage of the whole company. That is really hard if you go this way of relying on Cisco Duo as a primary authentication source. Not every company does it. For some of them, it is a lot easier to replace Cisco Duo, depending on how many applications they secure. However, for some customers, that is practically possible, but it is a massive effort.

I think the setup for Cisco Duo is very straightforward. You have to understand the whole topic a bit, like what is possible and what is achievable. Cisco Duo is not only MFA; it is a real identity access management platform with a lot of security features in there.

It takes some time to explain all of those capabilities, but the setup itself is very straightforward. However, in most cases, this topic does not land on the side of Windows or Active Directory admins that already know a lot about identities. Most of the time, the MFA topic lands on the firewall team because they start by securing remote access VPN and securing access to devices like switches. They do not know that much about identity, so it takes some time to explain how it works. I would say it is just more of a positioning thing, but the setup itself is very easy. If it lands on a person that knows about identities because they worked with identities before, that is very self-explanatory.

It is hard to calculate, but one of the features that has really affected operational costs is the fact that Cisco Duo can be integrated pretty well with any SIEM solution, also Splunk, which belongs to Cisco.

SOC CDC teams that are doing security investigations rely on identities. Normally, it is relatively hard for them to get all of the possible identity logs. Sometimes it is just an IP address or the hostname. They get those logs from other systems or from the firewall. Cisco Duo adds this layer of identities. I know that SOC CDC colleagues spend a lot less time finding those identities and therefore reduce the whole operational cost. They would need less time finding out the identities and they can focus on other things. However, it is really hard to calculate because you need to take each individual customer, how many investigations that customer has, and how many it was without Cisco Duo and with Cisco Duo.

I think it did improve a lot of things. From the configuration perspective, they have added an AI assistant recently, like some months ago. I think that is also great. That helps some people that are starting to work with Cisco Duo to do those configurations faster.

The UI itself has developed a lot. There are a lot of explanations when you click on a button and when you see a feature, it explains it very well. That also helps to minimize the cost of configuration because some customers do not need to contact partners or somebody else more experienced. They can do a lot of things themselves, and I think they can do everything themselves. It is just that you have to read a bit, but it is not hard at all. Cisco is doing a great job in there.

Cisco Duo is trying to be cloud only with SaaS deployment. It would be great if they did it on-premises. Here in Europe, there are plenty of customers that would benefit greatly from Cisco Duo, but they do not want it because it is SaaS only. I am not saying that they should do the whole on-prem version, but they could maybe do a data plane on site, and the control plane could reside in the cloud as SaaS. However, the data plane could reside on-prem, and for many customers, that would be already enough to consider it. Sometimes it is really a security policy. They hear cloud and they say no.

Another thing that I am really looking forward to happening is integration with the Cisco Secure Firewall. That is in terms of identity intelligence, and those kinds of risks that are dynamically assessed by Cisco Identity Intelligence, which is part of Cisco Duo, could be shared with the secure firewall. However, the identities themselves and the mappings of which users are coming from where could be used, and that would also be fantastic. They do something similar with Secure Access. Cisco Duo integrates with Secure Access. However, there is room for improvement in there. I just do not know if they go that direction. I know a lot of people at Cisco because I work a lot with them. I know that they discuss it, and they want to integrate Cisco Duo more and more with Secure Access. I do not know if they plan for Secure Firewall. I hope they plan. It would be great to see more integrations in that area.

Cisco Duo is only a SaaS solution. There is nothing else.

Cisco Duo is still kind of an island in Cisco. It is another team and kind of another company in a company. I would say they are really good, and I have really great experience with those people. They are always helpful. In general, for customer experience, they are always trying to reach out to ask for feedback, and I see that they consider those feedbacks. I would rate them as a nine. Not a ten because it is hard to be everything ten.

Cisco Identity Intelligence, which is part of Cisco Duo, is a great feature that does a lot of security checks on all accounts, including machine accounts and agentic users. Depending on those checks, administrators get notifications, and based on those notifications, they can act.

I would rate Cisco Duo a nine because they can improve in some cases like everybody. However, I think it is a really good tool. They are trying now to really promote it. You get it kind of almost for free with some products. With Secure Access, you get it, and sometimes with a great discount. However, the whole story of Microsoft is really hard to compete with in general. If it was Okta, I am sure that Okta is also struggling to compete with Microsoft because they just come in, and everybody realizes that they give the authenticator capabilities for free. That is a hard conversation to have. The overall review rating for Cisco Duo is nine out of ten.

My main uses for Cisco Duo include having two-factor authentication on a number of products including our storefront, Epic, and email. Cisco Duo fits into my broader security environment as an added layer. In the future state, it will have much better integration with our full security stack.

What I appreciate most about Cisco Duo is the ease of use; it has been a game-changer compared to other products we used in the past. We really value how it is integrated and our users are able to use it easily.

Prior to using Cisco Duo, we had no two-factor authentication, which is a huge risk factor in healthcare. By adding two-factor authentication with Cisco Duo, we are in a much better security position by ensuring that our users are the ones logging in and we do not have outside unauthorized access.

Cisco Duo's visibility into identity-based risks has improved my ability to manage the security of both human users and non-human agentic identities across my environment. From the human aspect, it has been invaluable because we can access the portal and see what login attempts are happening, whether they were made by the actual user, and from what country.

We have not really used Cisco Duo for phishing attacks, but we have used other solutions such as Proofpoint and campaigns to phish our own employees to help them learn how not to fall victim to phishing. However, I need to look into Cisco Duo; I had not realized they had an email aspect.

I think there may be a feature already, but we have been trying to explore Cisco Duo for the desktop in ways that we could authenticate users on the desktop to access certain applications.

I have been using Cisco Duo for three years.

I would assess the stability and reliability of Cisco Duo as excellent; we have not had any major issues with Cisco Duo so far.

Cisco Duo scales very well with the growing needs of my organization; we have grown approximately 2,000 users since we first deployed it and we have been able to grow successfully without any issues.

We have expanded usage of Cisco Duo, and that process has been seamless; the users are already accustomed to Cisco Duo, so adding it to another application or product has been no change to them. They understand what to do.

I would evaluate customer service and technical support for Cisco Duo as a 10 out of 10. While Cisco sometimes has their problems, they will get anyone and everyone on the phone within minutes if we have a problem. For that reason, we keep choosing Cisco for our products because we know we have the support from the company.

Before implementing Cisco Duo, we were mostly worried about people getting in through our storefront, which allows access to Epic and other systems. Fortunately, we do not have the same user ID and password for Epic and the storefront, which adds a layer of security. However, password spraying and other attack methods were a huge concern for us. Although spraying is still happening, attackers are not able to get through because of Cisco Duo, which has been a huge benefit.

Prior to adopting Cisco Duo, we had no solution for this issue. Cisco Duo was our first attempt.

My experience with the deployment of Cisco Duo was easy. I believe we stood the entire practice up within a week and we had minimal issues. The enrollment was straightforward, especially since we were able to text the users all the information and have them self-enroll.

In terms of operational efficiency, Cisco Duo has improved our security workflow significantly. Being able to have two-factor authentication on our most critical applications has been invaluable. Additionally, we were able to save money from an insurance perspective as our cybersecurity insurance went down considerably from having multi-factor authentication in our environment. While this is probably not the usual route of savings, it did have a significant impact.

We looked at other solutions before selecting Cisco Duo, such as Imprivata. We use Imprivata for some other use cases already, but the feasibility of Imprivata simply was not there compared to Cisco Duo. We also evaluated Microsoft Multi-Factor, but it did not provide the same capabilities that Cisco Duo could bring.

If Cisco Duo were removed by some chance, it would be a major impact. If it were removed without another solution, we would be going backwards, which would not be a good situation.

When evaluating my identity strategy, I was looking for a standalone MFA tool, and Cisco Duo was the best fit for our organization since we use Cisco products across our environment. I believe there is much we can learn about what Cisco Duo can do in other areas and broaden that scope. I am excited to go back and learn what more Cisco Duo can offer.

I would rate Cisco Duo a 10 overall in terms of what we have wanted to use it for; it has been painless and seamless. For other companies considering Cisco Duo, from a multi-factor perspective, it is easy to implement. The platform has many connectors pre-built, making it straightforward for us to stand up. We can add applications within 30 minutes, making it a simple and efficient process to get applications onboarded. I would definitely recommend them to give it a try.

My main use case when using Cisco Duo is MFA into everything: email, making teachers MFA, and mostly email. We are rolling it out to other on-site resources that we have as well.

It has helped us significantly since we have many different applications and things of that nature to protect. Cisco Duo provides protection as we don't have a full cybersecurity team.

The feature of Cisco Duo that I prefer the most is the policies, being able to control what we need to within the policies. You can get pretty granular. 

There isn't a lot of training that goes on in school districts. Email is an easy way where many people give out their credentials, so the level of protection is something that we definitely need in a school district.

Cisco Duo's strong security authentication system has been easy when logging in, although the teachers don't appreciate it as much. We have it configured so users essentially just hit accept. If it sees any sort of built-in risk, then it steps up authentication. It's pretty easy. I appreciate it.

I've encountered advantages with Cisco Duo in that it has stopped significant pushback from teachers. It has prevented credential sharing and unauthorized access. We've seen a huge decrease since we've rolled it out across the entire district.

Improving Cisco Duo might involve alerting us about telephony credits when people receive texts. We hit zero at one point, and we were running around in circles without any idea until I discovered it. That's my only complaint. Other than that, I appreciate Duo significantly.

We have had Cisco Duo for a couple of years. That said, we just got it rolled out in our school district this past year. I have been more involved with it in this past year.

The stability and reliability of Cisco Duo are good. I haven't seen too many issues. Occasionally, a server will go down, but they send an email. They tell you who's having issues and that they're working on it. It has only happened once or twice over the couple of years that we've had it. It is very reliable, easy to use, and I don't have too many issues with it.

Cisco Duo scales very easily with the growing needs of our company. We have 25,000 students and 5,000 teachers, totaling about 30,000 users, and it's very easy to add when new people come on. Rolling it out was very seamless, as we could do a whole campus at a time.

The customer service and technical support of Cisco Duo is easy. It's really easy on the back end. I have no complaints. Dealing with customer service has been positive. I called them once about telephony credits, and I didn't have to sit through a queue. Someone answered the phone immediately and was very helpful. I would rate them a nine out of ten.

Positive

We did consider other solutions before choosing Cisco Duo as a school district. It has been so long that I'm not sure which ones, however, as a school district, we have to consider multiple options. We always evaluate all possibilities to see what's most advantageous to our system.

Cisco Duo fits the role since we're a Cisco shop. We typically lean toward Cisco solutions.

The deployment of Cisco Duo is simple and straightforward. It's actually very easy. We tied everything to AD groups and would do one site at a time. We didn't mass roll out. I would move a group over, sync with Duo, and it would automatically send them an email. It's pretty seamless.

The biggest return on investment when using Cisco Duo is protection and 2FA into anything that we need. As a school district, people are always trying to get teachers' credentials and student information. It's very important to protect PII.

My experience with the pricing, setup cost, and licensing of Cisco Duo is honestly above my pay grade. I don't know any of that.

We haven't started using any new features or functionalities in Cisco Duo recently as we just rolled it out. We are currently using basic features. We're looking to do more with it as part of the process. Having a complete passwordless environment in our company would lead to less pushback from people who don't necessarily want MFA. It makes it simpler for them and smooth.

I do not utilize the feature called Advanced Identity Threat Detection and Response. 

I don't know enough about Cisco Identity Intelligence capability to detect and respond to identity-based risks effectively. 

I have seen yet not used Duo's conversational AI interface for admin tasks.

I would rate Cisco Duo overall at a nine out of ten. It's hard to be a ten, however, I don't have anything at the moment that they could improve.

I have primarily used Cisco Duo for Identity and Access Management, especially when clients have extensive identity footprints scattered across different business units or locations, with each location maintaining its own Identity and Access Management system. Centralizing all of that into one single pane of glass as a centralized IAM solution has been the primary motivation. During the COVID period in 2020 and 2021, remote access VPN usage increased significantly because everyone was working from home. The ability of remote access VPNs to integrate with identity was a major challenge we were struggling with at that time. Moving to a single centralized pane of glass to create entitlements, role-based access controls, and then hooking those into the VPN or VPN access solution was the primary motivator for most of my clients. For a couple of clients, I ran assessments to identify gaps, improvements, and the policies that needed to be configured and tightened.

I worked in the past with Cisco XDR, but not lately. We are primarily relying on Microsoft Defender for our EDR, and for a couple of other subsidiaries, we have Palo Alto XDR, not Cisco. I understand how that solution works, but we did not deploy it extensively because market adoption is lean. Cisco Secure Access is definitely something we use as SSC, Secure Service Edge, for internet bound connectivity, integrated with Cisco Umbrella.

Cisco Duo is not doing anything that competitors are not doing. I have worked on Okta as well, and Microsoft Entra ID has really improved. The primary benefit of Cisco Duo is if you already have an extensive footprint of Cisco products, such as Cisco Secure Access, Cisco Secure Firewalls or Firepowers, or Cisco Umbrella deployments, then it becomes very easy to integrate these products together so they work hand-in-hand with deep integration.

Cisco Duo offers phishing resistant IAM and multifactor authentication (MFA), which relies on Cisco Talos Threat Intelligence sharing to enrich Cisco Duo with all threat feeds. This provides pinpoint accuracy to determine what is malware or malicious and what is safe.

Identity intelligence is analogous to what Okta or Entra ID does with conditional access. It gives you a complete view of whether a particular user who seems legitimate is actually supposed to get access to applications or not. You can control access and curtail access depending upon the behavior of a user.

MFA is mandatory, and there are multiple ways you can implement it. Phishing resistance is critical because even if a user's account has been compromised, the tool regularly tracks how that particular user accesses applications and where they do it from, creating a baseline. If there is a deviation, which would definitely be the case if the user or user identity is compromised, it asks for step-up authentication or curtails access to the application. This end-to-end phishing resistance feature definitely has an impact on the company's security posture.

The primary issue is adoption. When I used to work for Deloitte, I did consulting and advisory for at least 95 of the 100 Fortune 100 companies. The number of enterprises using Cisco Duo was considerably lower and definitely not at the median. There are other tools that integrate better or whose integrations are not dependent upon SaaS vendors and SaaS applications. This could be related to how the product is positioned or how other companies are doing better with their sales. If a product is not being adopted by a very large footprint of enterprises, you need to start asking questions. Cisco Duo is definitely not doing things that others are not doing, so there is no unique selling proposition. It is definitely doing all the things that others are doing, but the adoption for other vendors is definitely better. I would compare Cisco Duo to Okta and to some extent Azure Entra ID, because Azure Entra ID has picked up very well with conditional access policies and Identity and Access Governance. Azure Entra ID also has integrations with SailPoint, which Cisco Duo does in full transparency. The issue is that Cisco Duo is not being adopted by a very large set of enterprises.

I worked on Cisco Duo from 2019 through 2020 and on and off until around three and a half to four years total.

Cisco Duo is fairly stable. They send out scheduled downtime windows for backend maintenance, but it is very well planned. The UI will not be available during this time, so any configuration or operational work needs to be scheduled around these windows. This approach is in line with what other vendors are doing. No significant issues exist. There used to be bugs in the initial days, but they have been taken care of. Every single product has some instability in the initial days, but towards the end of last year, it was not a big deal.

It is Cisco's responsibility to take care of scalability. We have an account manager whom we have always used, and we would inform them that we were going to add 50,000 identities and ask them to ensure that their backend was capable of handling it. We would also inform them about a few hundred thousand login requests over a certain duration, and they would take care of it. We have never faced any challenges where resources were not available.

I would rate Cisco Duo's customer service around seven. Level one support appears to be outsourced. There are different Cisco badges, and they outsource level one support to other people before taking it over from level two. For one of our bank clients with a very premium contract and smart licensing, they provided better support. The level of support you receive depends on whether you are okay with partner-enabled support or if you want premium customer support. It is fair because it is very rare that your service will not be available. I rate them as seven because sometimes level one engagements take time to get those people to the right part of the issue, as they ask basic questions like tenant ID and continue with W-H questions, which takes longer.

Positive

The setup is very straightforward. You get assigned a tenant and log into it, then integrate it with your existing Identity and Access Management solutions. For a brownfield deployment, this adds complexity, whereas for a greenfield deployment, the process is simpler. For a greenfield setup, you just start creating identities and send out auto-enrollment emails to the users who need to be onboarded. You need to do some domain verification in the beginning. It is up and running in a matter of two to three hours. The way you integrate and migrate it definitely depends upon the complexity of the environment and enterprise. If you have 100 different identity stores in different regulatory regions and countries with different regulatory requirements, this definitely adds complexity. However, this is not unique to Cisco Duo but applies to any vendor. For my deployment, we were able to get it up and running in a matter of a few hours on day zero and then keep expanding it over the following days.

For one of my clients, the ROI was somewhere between 25 to 27 percent in year one. We had a lot of things planned for the next year, but that was taken over by D2 operations teams. Year one definitely yielded around 26 to 27 percent in savings. The cost of benefits from a better risk posture or no compromises is definitely very difficult to estimate because that is more about understanding probability, so I would not say those theoretical numbers are close to reality.

For a couple of clients, they were able to get good deals because they were already a Cisco shop in the past. Cisco Duo came in more as an additional feature, which was counted as a new feature purchase, and this brought down the cost that the client had to invest. Cisco is smart with bundling, as you get multiple tools from Cisco that come in as add-ons and you get very good pricing. For clients using on-premises Active Directory as a source of truth, we were able to move all of those to Cisco Duo, which is SaaS and cloud managed. You do not need to maintain virtual machines, expensive servers, or redundancies, which definitely brings cost savings. You are able to remove all of that additional expense, and you also do not need to manage those anymore, so all of that goes away. Ease of management and lowering cost with regards to maintaining infrastructure are definite wins, though these are not unique to Cisco Duo but typical of SaaS-based Identity and Access Management solutions. All of these factors weigh in to give you a decent ROI. With regards to security, you are getting better security than traditional solutions, which is a win-win.

My overall experience with Cisco Duo comes from working on the product from 2019 through 2020 and on and off for around three and a half to four years total. I am a service provider for Cisco as an MSP. My role was a partner as part of a couple of our SGOs in Deloitte. We had an alliance partnership where we offered services, advised, implemented, and operated for clients. We also worked with Cisco to package different solutions and position them to clients after running assessments to improve their security posture.

Cisco Duo can be used for centralizing identity and access management across different business units and locations, integrating remote access VPN with identity systems, creating role-based access controls, implementing MFA and phishing resistant authentication, and conducting security assessments to identify gaps and improve security posture.

Some positive features about Cisco Duo include deep integration with other Cisco products, phishing resistant MFA with Talos Threat Intelligence enrichment, identity intelligence for behavioral analysis and access control, cloud-based SaaS delivery eliminating on-premises infrastructure costs, and stable performance with well-planned maintenance windows.

Cisco Duo has not been adopted by a very large set of enterprises compared to competitors like Okta and Azure Entra ID, which represents a significant area for improvement. The overall review rating I would give for Cisco Duo is seven.

Cisco Duo primarily secures our environment.

I appreciate the features that Cisco Duo offers. Cisco Duo's team sent us some questions, for example, about the feature called Identity Intelligence. I have tried using the Identity Intelligence feature and have been working with it. I can confidently say that Identity Intelligence has improved my visibility into identity risk and has helped me make defenses against identity-based threats better.

The main issue with Cisco Duo is dependency. For example, it verifies the subscription with features Duo Push, OTP code, and phone dependency. If you lose or break your phone, users without smartphones will face connectivity issues. There is also integration challenges, support for legacy systems and cloud connectivity, management overhead, and the system can be bypassed by phishing techniques.

To improve these issues, users should be required to confirm a number to approve authentication requests. This would enable disabling auto push and then enable trust-based authentication with new device detection, new location detection, and VPN detection.

Additionally, Cisco Duo is subscription-based depending on the number of users and has a dependency on mobile devices for advanced features. The cost will become expensive for large user accounts. The system requires approve push and either OTP, with push deployments through Duo mobile applications. There is limited offline support, it requires internet connectivity and cloud dependency. Internet outages can cause authentication issues affecting VPN, Windows login, and cloud applications.

I have been using Cisco Duo in my career for three years.

I do see instances of lagging, crashing, or downtime. We used to experience downtime, for example, during code upgradations and OS upgrades on the server, switches, and firewalls. We try to mitigate it, but we need to implement upgrades without downtime. Sometimes the device will not come up after reboot, which can cause downtime.

Cisco Duo performs well regarding scalability. The scalability depends mostly on the number of users. The system has good scalability and can handle more users, more logins, and more locations without performance issues. This depends on the cloud-based, globally distributed infrastructure with no dependency on on-premises services. It can scale from 10 users up to thousands and hundreds of users. The system also has load balancing, high availability, and failover capabilities. A small office can support up to 50 users, while a large office can support more than 10,000 users.

I have contacted customer support regarding Cisco Duo for assistance. The quality and speed of support depend on various factors. For example, when we receive any ticket, we need to assign it to ourselves first and then depend upon the SLA to work on the ticket. We need to resolve it within the SLA timeframe. 

Positive

Regarding Proximity Verification feature, I have seen it in action last year.

Cisco Duo's initial deployment is easy. We need to have a mobile application and need to install it for users on VPN, servers, clouds, cloud applications, and for admins and passwords. We need to have a security policy required and identity source such as LDAP, local users, Active Directory, and Azure AD. We need to have VPN devices for servers and firewalls with HTTP 443 port number. We need to have web applications and cloud applications, and Windows login. We need to have end-user devices for MFA, such as a smartphone and SMS. We need to have synchronization for security policy purposes, licensing, and many other components.

Regarding the pricing for Cisco Duo, it is somewhat expensive. Cisco Duo costs depend on the technology. Up to 10 users, it is free. Premium versions go for dollars, such as $10 per user per account. As the number of members increases, the cost increases. It is very useful to have for multi-factor authentication.

I would rate the return on investment at an 8 or a 9.

I have noticed an increase in phishing attacks in my organization recently. There has been a significant spike in the number of attacks, and they feel more sophisticated, which makes them more difficult to deal with. We used to get phishing attacks through our emails, SMS, WhatsApp, and fake website links. The domain may show a hyphen, for example, Microsoft hyphen login, and attackers will try to send a link. If you click on that link, all our data will be hijacked. We need to protect our devices and environment and should not click any unknown links. That is why we need to enter MFA with valid credentials.

Alternatives to Cisco Duo that we have been using in our organization include third-party applications. We can use Okta and Microsoft SSO, Microsoft Azure MFA, Rublon MFA, Twilio, and PingID from Ping Identity. There is also Secure Authentication and RSA SecurID in the market. There are many third-party alternatives available.

The main issue with Cisco Duo is dependency. For example, it verifies the subscription with features Duo Push, OTP code, and phone dependency. If you lose or break your phone, users without smartphones will face connectivity issues. There is also integration challenges, support for legacy systems and cloud connectivity, management overhead, and the system can be bypassed by phishing techniques.

To improve these issues, users should be required to confirm a number to approve authentication requests. This would enable disabling auto push and then enable trust-based authentication with new device detection, new location detection, and VPN detection.

Additionally, Cisco Duo is subscription-based depending on the number of users and has a dependency on mobile devices for advanced features. The cost will become expensive for large user accounts. The system requires approve push and either OTP, with push deployments through Duo mobile applications. There is limited offline support, it requires internet connectivity and cloud dependency. Internet outages can cause authentication issues affecting VPN, Windows login, and cloud applications.

My overall review rating for Cisco Duo is 8.

Cisco Duo's main use case in my organization has evolved significantly. Originally, I purchased it for multi-factor authentication for remote access. Now I am migrating it to function as an identity provider and to run authentication through Cisco Duo. Previously, it was not authentication; it was only multi-factor authentication. Now I am creating and establishing Cisco Duo as my organization's identity provider.

One of the features I appreciate most about Cisco Duo is that it was relatively easy to set up, although deployment has become more complicated over time. Cisco Duo is very much embedded into other Cisco products such as the firewall and Secure Access.

Cisco Duo's visibility into identity-based risks has improved my ability to manage the security of both human users and non-human agentic identities across my environment by extending our security perimeter beyond our physical network edge. I am pushing identity into the cloud, and with Secure Access and similar tools, I now identify users before they access my LAN or site. This creates another layer of defense, and defense is best implemented through layers. This represents an added layer of protection for my organization.

Cisco Duo can be improved by integration into Security Cloud Control, which would be a significant advantage. Better or easier integration with Secure Access is also needed. Additionally, I would benefit from better propagation of identities across all different security platforms so that I can view events based on users rather than IP addresses. It would be helpful to more easily determine the identity of the user that generated network traffic or alerts, as this would be more effective than current methods. Currently, certain elements remain somewhat siloed. For example, FMC logs do not contain Cisco Duo identity information on the way in. When I have an IP address for an event, it is not easily correlated to the user assigned that IP address. I hope that Cisco Duo can help with this, although this could potentially be an improvement on a separate product.

I have been using Cisco Duo in my organization for approximately six or seven years.

I assess the stability and reliability of Cisco Duo as very positive. I have not experienced any downtime, crashes, or performance issues.

If Cisco Duo were removed, the impact on my ability to manage and secure access across my entire identity ecosystem would be significant. I would have to find another partner because the need would still exist, so I would have to replace it with something else.

I would evaluate customer service and tech support on a scale from one to 10 as seven. I have not had extensive contact with support. I did have to call for support to set up a Cisco Duo proxy server locally, primarily because I am not familiar with Linux and it is a Linux-based server. From what I could recall, the support was adequate. They provided me with procedures on what to do, and I was able to implement it successfully, so I have no issues with the support received.

The response time for support was quick in terms of time efficiency. Since it was not a P1 issue or break-fix situation, they contacted me within a couple of days. The experience was satisfactory.

Prior to adopting Cisco Duo, I was not using another solution to address similar needs. I needed a multi-factor solution on top of username and password, and that is what led to selecting Cisco Duo.

My experience with deployment was that it was fairly easy. The guides that Cisco Duo provided for integration were comprehensive and easy to follow. There were not many occasions when I had to call support.

Cisco Duo has improved my operational efficiency and reduced costs in areas such as authentication, IT support, and security operations. Prior to this implementation, I had multiple sources of identity including LDAP, ICE, and local accounts. My goal is to run everything through Cisco Duo and consolidate these sources, making Cisco Duo the single identity provider. This approach would definitely improve efficiency.

I did not really consider any other solutions when choosing Cisco Duo because my organization's security stack is primarily Cisco from north to south. Cisco Duo integrated natively with the firewall, so there was not really any other option.

The steps my organization has taken to become more resistant to phishing attacks include migrating to non-password-based accounts through OTP passwords and biometrics, and utilizing personalized account or device-based accounts. Even if an account is compromised, a user would need to physically have that device in order to log in. Since there is no password, there is nothing to compromise. My organization is moving toward a passwordless approach.

As my organization adopts and deploys AI agents, I am approaching agentic IAM to ensure these non-human identities are secure, and Cisco Duo plays a role in that strategy. This is something I am currently learning about this year. Cisco's AI guardrails allow me to assign agentic AI credentials and identify what an AI is, tracking their activity, access, and actions. Once I can do that, I can start putting together access policies that target specific AIs. This is new territory for my organization. I am just starting to implement AI agents, and I discovered this capability at Cisco Live, which is promising.

When evaluating my identity strategy, I was looking for a comprehensive identity security platform. Cisco Duo's broader IAM capabilities meet those needs as they tie into Entra and are replacing many of my on-premises identity solutions. Previously, a remote user had to authenticate against a local server already within my environment to gain access, which exposed that infrastructure to outside attacks. Now I am pushing that into the cloud and can depend on Cisco for some of those protections, making the process easier. I would rate this review an eight out of ten.

My main use case for Cisco Duo started with the MFA requirement, but nowadays it has evolved to next-level two-factor authentication and the new features of Cisco Duo. We are using and pushing partners for all of the features.

The feature I like the most about Cisco Duo is push notifications.

I find push notifications beneficial because they are easy, quick, and simple.

An example of how this feature benefits my organization is when last year, Cisco released an announcement that all distributors and partners need to use two-factor authentication for logging into CCW. We were setting up two-factor authentication, and we had two options. Cisco was giving us two options: Cisco Duo or Microsoft MFA. We chose Cisco Duo as a distributor. Everyone started to use Cisco Duo when they were logging in to CCW, and they liked it. After a while, Cisco released another announcement to extend the obligation of Cisco Duo usage for logging in, but most of the people did not stop using it. They liked it and they are still using it.

I think Cisco Duo can be improved by following the competition more closely because there are many vendors who claim they also have an MFA solution and phishing attack solutions. I know Cisco well, but I am not an expert on the other vendors. When we try to sell Cisco Duo for any license, sometimes customers approach us and say that Cisco Duo is expensive compared to competitors or that the features are not as good. Closer competition follow-up would be beneficial.

I would appreciate an additional technical feature for Cisco Duo. I think Cisco has more than 15 security solutions. Sometimes they do combinations and integrations among all of them. Cisco Duo might be able to be integrated into more Cisco solutions. For example, Cisco Duo and Umbrella are kind of sister products. That number of integrations could be increased with other solutions.

From my perspective, the pricing and licensing cost for Cisco Duo is worth it, especially if you are using Advantage or Premier. You will see the difference among all. However, from a customer perspective, most cases are just a need for MFA. They do not know the full capabilities or full features of this kind of solution, so they are just using basic MFA features or push notifications. In that case, Cisco Duo pricing is expensive compared to other simple solutions.

I think you can decrease the essential price for basic scenarios and basic cases.

I have been using Cisco Duo for more than five years.

I have not personally used Cisco Identity Intelligence, but my team is managing Cisco Duo. I have not noticed an increase in phishing attacks in my organization recently, but sometimes it happens. People try to do it, like classic spam or something.

I would say this solution is scalable for the growing needs of an organization because if you know how to use the dashboard and how to monitor it, that is definitely scalable.

For us, I have not used customer service for technical issues very often. There were really rare times when we were struggling with a couple of issues for Cisco Duo, and we opened a case with Cisco.

I remember one time the management tool crashed and kind of froze. We opened the case and they said it was a glitch and it would be resolved. It was good after about 10 or 15 minutes. Another time we could not find how to enable a feature in Cisco Duo dashboard. We asked, and they helped us.

I would rate their customer support as five out of five, or 10 out of 10.

Positive

I have not used another solution before Cisco Duo for this kind of thing.

Actually, the company has a rule for Microsoft Authenticator, but it is just an authenticator. You type the number and you log in. I cannot say it is like Cisco Duo.

I would describe the experience of deploying Cisco Duo as easy because it does not require too much from the customer's side. You do not have to do many things. You do not have to allow many functions or rules. It is not too hard, and it does not take too long.

We have not implemented Cisco Duo end-to-end phishing resistance with capabilities such as proximity verification for our company, but we did for partner environments. My technical team completed that. After that, we did not get any negative feedback, and as far as I know, they are still using it.

I am not sure about the overall return on investment. When we sell Cisco Duo to a customer, it is a subscription model, so they need to renew it, but they are not exactly measuring how many attacks or how many dangers they recover from for their organization. I cannot say if the exact ROI is good or bad because most people are not measuring it. From my perspective, it is definitely worth it.

Cisco Duo has helped reduce my organization's overall authentication-related cost.

I think it saves you at least 20 or 30 percent of your time after you get used to using it.

Looking back at my initial investment in Cisco Duo versus the total value it has delivered over time, I find that we pushed my company to buy it for internal usage. After that, people apart from the Cisco team—we are the Cisco team in Ingram Micro—but apart from our team, the employees in other teams also liked to use Cisco Duo.

Other teams are not different companies. Inside the company, there are some vendor teams, vendor-dedicated teams. We are in the Cisco team. For example, there is an HP team, a Microsoft team, and another team, and they were also using Cisco Duo because of our NFR license, but they liked it.

From my perspective, the pricing and licensing cost for Cisco Duo is worth it, especially if you are using Advantage or Premier.

An example of how this feature benefits my organization is when last year, Cisco released an announcement that all distributors and partners need to use two-factor authentication for logging into CCW. We were setting up two-factor authentication, and we had two options. Cisco was giving us two options: Cisco Duo or Microsoft MFA. We chose Cisco Duo as a distributor. Everyone started to use Cisco Duo when they were logging in to CCW, and they liked it. After a while, Cisco released another announcement to extend the obligation of Cisco Duo usage for logging in, but most of the people did not stop using it. They liked it and they are still using it.

Cisco Duo has strengthened the ability to defend against both phishing and identity-based attacks. I would rate this product a 10 out of 10.

Cisco Duo is for multi-factor authentication for all of our users and securing our assets off-campus.

Cisco Duo has benefited our company overall by giving us the ability to have multi-factor authentication. At the time, we didn't have any other in-house options. While going through the process of identifying a vendor, Cisco Duo was by far the cream of the crop, so we went that direction, and we've been there ever since.

The Verified Duo Push feature is valuable. It gives an extra level of security beyond just the regular push. Before that came out, we had a few instances of people getting compromised, pushing the button because they thought it was something else they were doing, and it turned out to be an attacker compromising their account. We were able to enable that pretty much as soon as it went into production, which drastically cut down on any issues. 

It's been pretty easy. There haven't been too many challenges. It does what it says it does. It's easy. It's straightforward. It's not a hard process to do anything with it. Even though we don't take a lot of advantage of it, there are always new features that are coming out. It shows that Cisco puts time, effort, and development into it.

I would appreciate seeing Cisco Duo improved with a tighter integration with Active Directory to secure not just Remote Desktop to a server, but all the remote levels of connection that you can make to a server. 

Other than that, there can be a better way to onboard users who don't want to use a phone, but that's stretching it because we can do a token or order Cisco Duo tokens, or do FIDO keys.

I have been using Cisco Duo for 10 years.

The problems we've had with Cisco Duo have been very easy to resolve, and the team has been very helpful in providing solutions. It's not one that we've had a lot of challenges with. A couple of times, our Cisco Duo region might have had an issue, but there was very clear communication, and it was resolved pretty quickly. It's been great, and I don't have a lot to say because there haven't been many problems.

Cisco Duo has scaled great with the growing needs of my company. It scales easily because it is just tied into our identity provider, and it grows along with that. I don't have a lot of specific examples because it's just something that's there. It works, it's reliable, and I don't have to think about it too much.

Their team has been very helpful in providing solutions. I would rate the technical service and customer support of Cisco Duo a ten out of ten.

Positive

It was easy. The difficult part was just the culture shift and making people understand why multifactor authentication was important and why we were using Cisco Duo. Even if you're a retired faculty member who doesn't do anything, you still need to protect your account because it's a doorway into our system. We need to make sure it's secured. Once we got through those hurdles and it was adopted, the problems were few and far between.

The implementation involved using Cisco Duo services, specifically the concierge service for onboarding, which was excellent. They provided a lot of information and templates for sending out registrations and notifications of what we were doing. They walked us through any technical challenges, which I don't remember having, so it was all a very smooth and good experience.

From my point of view, the biggest return on investment when using Cisco Duo is the security and the ease of setting it up. It's easy to enroll, the email goes out, and the user can just download the app and set it up. We're not having to provision tokens and email them out or make people come to campus and stand in line to register a device.

My experience with the pricing, setup cost, and licensing of Cisco Duo has been great. We've been there for 10 years. While we haven't gone through the setup part for a while, licensing is straightforward and convenient for higher education because student populations are included. So, we don't have to pay extra for it. We just pay for our knowledge workers, which has been great, and the cost is reasonable.

While using Cisco Duo, we have looked at Microsoft Entra ID because it includes MFA and could probably do the bulk of what we do. However, when we look at it, it doesn't do everything fully, so we still have to keep Cisco Duo. It doesn't make sense to have half our users use that and the other people use Cisco Duo, so we just keep it all in one and use Cisco Duo.

Cisco Duo's reliability is definitely better. The app experience is definitely better. Our test users have had a lot of challenges with Entra ID that our Duo users don't have.

Other than the verified push, my company has not really started using any new features or functionalities in Cisco Duo recently, but we are looking at going to a more zero-trust type of setup. We've been looking at how to leverage Cisco Duo better without hugely increasing the expense of our authentication systems. Currently, we have it integrated with Entra ID and our Active Directory environment. We are looking at how we can expand that out and improve our security on campus.

We have been with various vendors for a complete passwordless environment, and we've tried doing it with Entra ID but have run into challenges with some vendors that still require a password in their SAML authentications. I haven't really validated the Cisco Duo portion of it yet, and I'm not sure what all that entails at this point. I know it can be done, but we haven't implemented it yet.

I would rate Cisco Duo a ten out of ten.