Thank you for posting this in Microsoft Q&A.
As I understand you have received an email from Microsoft regarding MFA enforcement for all users while access any of the Azure resources. But you already have DUO security as MFA provider.
There is a change in Azure and change is regarding user security. Starting in October 15, 2024, enforcement for MFA at sign-in for the Azure portal , Entra portal and Intune portal will roll out gradually to all tenants. This phase will not impact any other Azure clients, such as Azure CLI , Azure PowerShell and IaC tools. This phase is expected to last until March 2025.
Starting in early 2025, enforcement for MFA at sign-in for Azure Command Line Interface (CLI), Azure PowerShell and Infrastructure as Code (IaC) tools will gradually roll out to all tenants.
For both phases, Microsoft will notify global admins about the expected enforcement date of your tenant(s) by email and through Azure Service Notifications, 60 days in advance. The countdown for enforcement for your tenant(s) does not begin until you have received this first notification from us. Additionally, we will send out periodic reminders to global admins at a regular cadence between the first notification and the beginning of enforcement for your tenant(s).
We will also allow a grace period for select customers with use cases where no workarounds are easily available and who need additional time (beyond the start date of enforcement for their tenants) to prepare for the MFA requirement at Azure sign-in. The first notification from us stating the enforcement date for your tenant(s) will also include a link to apply for the grace period. Additional details on customer types, use cases and scenarios that are eligible for grace period will be included in the notification.
If your Duo MFA security is able to send the MFA claim to Azure post performing secondary authentication, then you can disregard this email. Azure receives an information stating the user as already performed an MFA then Azure will not prompt for MFA again. Sending MFA claim to Azure will be the way for letting Azure know that MFA is already being performed.
You can also add Duo security as external authentication in Entra ID portal. You can follow below instructions,
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.