Rolled out Cisco Duo MFA across VPN, email, and critical apps — locking down access without slowing users down.
The Challenge
After a client-adjacent credential leak, a professional services firm needed to close the identity gap fast. They had SSO for some apps, basic 2FA for others, and nothing at all on a handful of critical internal tools — an inconsistent experience that frustrated users and left obvious attack paths open.
Our Solution
We integrated Cisco Duo as the single MFA layer across the entire stack: VPN, Microsoft 365, RDP, their practice management app, and all privileged admin access. We configured adaptive policies so trusted devices on trusted networks get a smoother flow, and set up self-service enrollment so rollout to every employee took days, not weeks.
The Results
- MFA enforced on 100% of user logins within 10 days
- Adaptive policies reduced MFA prompts for trusted sessions by ~60%
- Full audit trail for every authentication event
- Zero credential-based incidents since deployment