Cisco Duo - Advantage Edition

We are a tax consulting firm, so we help people file their tax, we help with payroll and all those things. We keep people's confidential information, so security was a critical thing for us and we wanted to make sure that people's data that they trust us with are safe with us. Security was a concern and that's why we implemented Cisco Duo . There were a lot of other security things that we have implemented down the line since, for the past two years, a lot in Microsoft Defender, Cisco is one of them, application control. A lot has been rolled out in recent times and Cisco Duo  is one of those.

Cisco Duo just works. The solution is great. We use it to log in to computers. When users are putting in their password, they are prompted for Cisco Duo authentication, and then based on the one they choose, either SMS passcode, Duo push, or call, they accept the push or the authentication prompt and then they are in. What I appreciate about it is that it works. Since we onboarded it, since we started using Cisco Duo, we have never had any operational glitch. There was only a case where we received an email that a particular device was running a version that would soon stop working and it was on a Mac. I reached out to them because when I got the email, I needed to follow up and they quickly assisted me and showed me what to do from the portal. We have not had any challenge. That is one thing I appreciate about them; it is always running. We have never had any glitch or situation where people are unable to get into their laptop because it is a little bit delicate in the sense that people may log in with their password and then if they don't have their phone, because the phone is the mode of authentication. If you don't have your phone with you, you could be logged out of your computer. However, they have a way around it, which is a good thing. The way around it is that you can do bypass. So they have a solution for every issue that may arise.

Cisco Duo's pricing is cheap. Cheap is relative, but I would say it is way less compared to Okta, its direct competitor. The price point is really good for small and medium-sized companies. For more established larger organizations that don't care about cost, they can always go for Okta.

One issue I see is when the device is offline. When the device is offline, sometimes people struggle to get in. If they don't have internet access on their device and Cisco Duo push works with internet access and connectivity, it sends a push to the cell phone. If the cell phone is offline, they are not able to get in. In that case, they need to find a way to reach out to the help desk or IT for IT to bypass them or find a solution. The reason why I don't see that as a big deal is because it is the way it is designed. Everything needs internet to work. It is not the fault of the developers that the users don't have internet on their device. The only thing is, maybe if they can probably innovate that area where regardless of internet access on your device or not, you are still able to get in. Or you still get that push or however you still get the prompt on the device, on your cell phone to be able to log in. We have seen a couple of tickets where people don't have internet access, maybe someone is in airplane mode or they are in a hotel and they cannot get into the hotel WiFi on their laptop. Because of that, if they are not registered for offline access, they don't get into their laptop.

When we started, I remember if you tried to put in your password, then in a couple of seconds you would get a Cisco Duo push on your phone and then once you approved, it would take you in. I remember when we started, sometimes when the Cisco Duo push got to your phone, if you did not accept it within sixty seconds, it would ask you to repeat that process again. I think that time frame, if it can be reduced to like two minutes, would be great. I know it is for security reasons, since OTPs expire within a very short time frame. But for it to invalidate after sixty seconds, I think it is too short. Sometimes your phone might not be with you. Sometimes your phone might be in the other room and you are looking for it. So you put in your password and you are expecting to accept the prompt in sixty seconds. So if that can be maybe put to like ninety seconds or more, that could be good.

I have been using Cisco Duo for approximately two years and a few months.

For what we use, for the piece that we use, I do not see anything that is bad, to be candid. I have not spoken with anyone and I am not influenced by any interest, but it is just the reality. I am the SME for this product. I implemented the solution, so I know it inside and out and we have not had any issues. For the use case, I don't know about every other function they have, every other function such as SSO , which we did not purchase. It is a higher level license which we did not purchase. I don't know how that works. But for what we use it for, there is no negative.

I would say it is not much of a problem. That is why I didn't mention it in the beginning. The reason is because they still have a solution for that. But the way they work, I understand the product very well. So people can opt in for SMS passcode and they can opt in for Cisco Duo mobile app. So if anyone is using Cisco Duo mobile app, all they need to do to alleviate that offline problem or difficulty is they just need to set up offline access on that mobile app. Because on the app, you have the ability to set up offline access. So if you set up offline access, that means that if you try to log into your laptop and there is no internet access on the laptop, it will default to the offline mode automatically. On the laptop, it will ask you for an offline code, which you have set up on the mobile app. So in that case, you are able to generate a code on the mobile app and then log in. But the only area where that could be a problem is if the people opt not to get the mobile app. So for the people who are using, who enroll for SMS code only, they cannot get into their laptop. So that is the only thing. But then, Cisco Duo has a solution for that. So it is not much of a problem. It is only a problem if someone refuses to download the mobile app and they opt for SMS authentication only.

Scalability depends on the number of users that you have. Currently we are less than five hundred employees and our license, so if we need to increase our license, we can always reach out to Cisco Duo and they will increase our license. I remember we reached our threshold for the number of licenses we purchased last year and we had to buy more licenses. We increased. So that is scaling for me. As we grow, we requested more license and it was really smooth. After the first year, when we wanted to renew our license, we had to buy more. So that is scaling for me. And as we grow and we need to as we grow, I think it is easier for us to just scale along based on our need. So we have done that last year and it was seamless. There was no glitch, there was no issue after getting more licenses. Everything just runs smoothly.

The speed is really great. We have direct access to call. When we call them, they usually pick up and they give us insight and solutions. A lot of times, and once after the call, they send a follow-up article. And of course, they also have those articles online. Even when we did the onboarding, we had access to online documentation that are really good. I have called them several times. The last time I called them was when we received the email to upgrade the versions on the Mac devices. So they gave us help and they sent a follow-up article after the call. So they are always reachable. We have a direct line to them and when they call, they do some form of verification, ask us if we are an admin on the portal, we say it and then they send a Cisco Duo push to our device just to confirm our identity.

When we onboarded Cisco Duo, we had a choice to choose between Cisco Duo and Okta. Our IT director was the one who introduced it. When he joined, I think two years before I joined, and when I joined, I was the one who led the project. He liked Okta because he used it in his past company where he worked before and he wanted us to use Okta. He introduced it to us, but we looked at both, and the reason why we chose Cisco Duo was the price point. Cisco Duo was way cheaper and we are a small company trying to cut costs. So we had to choose Cisco Duo. When we did comparisons, I think both actually do the same thing. It is just acceptability, just as AWS  versus Azure . We feel Okta has more visibility, more market share. But I have not used Okta, but I know that both do the same thing. They are competitors.

It actually was easy. Comparing with Okta, we had a call, onboarding call with Okta. They showed us the products, we appreciated it, and then the cut-off moment was the pricing. I did not try to implement Okta, but my work setting up Cisco Duo was really straightforward. We had thirty days trial period and we were on calls with the onboarding team. They helped us, walked us through the process and then I think we were able to set it up in two weeks. I started doing the testing, the enrollment, enrolled a few individuals, enrolled my test devices. The onboarding process was quite easy. We had thirty days trial so we were able to run tests before going live.

I have worked with the implementation team many times.

We were only looking at MFA. The reason why is because we first of all considered Windows Hello for Business that allows people to just log in with passwordless authentication where you just put your face and it logs them in. But our IT director felt that just one single authentication is not enough, and we want two. So that was the only thing we were looking for, not anything else. But when we started the onboarding process, I recall the Cisco Duo team trying to sell other aspects to us such as single sign-on. But we didn't feel the need for that because we already have our Azure  Identity Provider. We use our Azure and we run a hybrid environment. Microsoft is already handling our authentication process in terms of identity, and they were our identity provider. So we didn't want to bring in another third party. And again, that came at an additional cost. So maybe if we had the financial means or financial buoyancy, maybe we could have looked at other features. But that was the only thing that made sense to us. We just wanted to have a second form of authentication other than the password. The Cisco Duo team trying to sell other aspects to us such as single sign-on. But we didn't feel the need for that because we already have our Azure Identity Provider. We use our Azure and we run a hybrid environment. Microsoft is already handling our authentication process in terms of identity, and they were our identity provider. So we didn't want to bring in another third party. And again, that came at an additional cost. So maybe if we had the financial means or financial buoyancy, maybe we could have looked at other features. But that was the only thing that made sense to us. We just wanted to have a second form of authentication other than the password. I would rate this review as a nine.

I have been using Cisco Duo  for around two to three years, mainly in my work related to networking and security operations.

My main use case for Cisco Duo  is multi-factor authentication and secure access management. Day-to-day, I use it to securely log into company VPNs, internal dashboards, and cloud applications. For example, when accessing network devices or remote systems, it sends a push notification to my phone for verification before granting access.

The best features of Cisco Duo are multi-factor authentication, single sign-in, passwordless authentication, device trust, and risk-based authentication. It adds extra checks based on the risk of location.

Risk-based authentication and device trust help us reduce security risk without slowing users down. Risk-based authentication flags unusual logins and adds extra verification only when needed. It ensures only compliant and secure devices can access internal systems. Overall, it improves security while keeping normal logins fast and seamless.

Cisco Duo has improved our security posture significantly by reducing unauthorized access attempts. We have also seen faster and more consistent security logins, fewer password-related issues, and less dependency on IT for access problems. Overall, it made remote access more secure and efficient.

Cisco Duo has helped mainly in IT support efficiency and authentication overhead. We have seen fewer password reset requests and account lockout issues, which reduces help desk workload. It also saves time in security operations because access decisions are automated through MFA and policy rules instead of manual checks.

A few areas of improvement for Cisco Duo are device re-enrollment could be simpler when users change phones, faster troubleshooting tools for login issues, and push notifications could be more reliable in low network situations.

I have been working in my current field for almost three years.

Cisco Duo's scalability is pretty good. There is a clear positive ROI, mainly in productivity and support cost savings. We saw fewer password reset tickets with a reduced IT workload.

Customer support is generally good but can be inconsistent depending on the issue and support tier, with slow responses for complex and escalated cases. The experience is variable depending on the support engineer. Overall, support is generally reliable and helpful for setup and day-to-day issues.

Previously, we mainly relied on password-only authentication, basic Active Directory logins, and some simple OTP-based tools.

If Cisco Duo were removed, the biggest impact would be a significant drop in security and an increase in login risk.

I am not directly involved with that, but setup was fairly smooth with minimal upfront cost, and licensing scaled based on user count, so it must be cost-effective.

There is a clear ROI, mostly in time savings and reduced support effort, even if it is not always tracked as a single dollar figure. We have seen fewer help desk tickets, faster login rates, and reduced security incidents.

We evaluated a few MFA solutions before choosing Cisco Duo, including Microsoft Authenticator , Entra ID MFA, and Okta Verify.

The biggest impact has been a stronger security posture with simpler user access. We have reduced unauthorized risk through MFA and device checks while keeping logins fast and consistent for users. It also improved operational efficiency by cutting down password-related support tickets and reducing manual access issues for IT.

We have strengthened phishing resistance mainly through MFA enforcement, conditional access policies, and user awareness training. Cisco Duo helps us by requiring multi-factor authentication for every login. So even if credentials are stolen, access is blocked without the second factor. We also use its device verification and risk-based prompts to stop suspicious login attempts early.

It has improved noticeably. With Cisco Duo, we can detect suspicious logins faster through risk-based alerts. Compromised credentials are less effective because MFA blocks access even if passwords are stolen. It has also improved response time since admins can quickly deny access or review login activity in real-time.

I would rate this review a 9 out of 10.