惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东
A
About on SuperTechFans
Stack Overflow Blog
Stack Overflow Blog
雷峰网
雷峰网
Microsoft Azure Blog
Microsoft Azure Blog
腾讯CDC
爱范儿
爱范儿
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】
V
Visual Studio Blog
有赞技术团队
有赞技术团队
U
Unit 42
D
Docker
小众软件
小众软件
F
Full Disclosure
I
Intezer
Scott Helme
Scott Helme
P
Privacy International News Feed
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
Google DeepMind News
Google DeepMind News
B
Blog
Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Spread Privacy
Spread Privacy
宝玉的分享
宝玉的分享
S
Security Affairs
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
Schneier on Security
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Threat Research - Cisco Blogs
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
H
Heimdal Security Blog
N
Netflix TechBlog - Medium
H
Hacker News: Front Page
P
Proofpoint News Feed
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
S
Schneier on Security

The Duo Blog

Active Directory security: how to stop modern threats | Cisco Duo Duo + PlainID: Dynamic Authorization Meets Enterprise Identity | Cisco Duo Continuous identity security explained | Cisco Duo Salesforce The modern MFA toolkit: push, biometrics, and security keys | Cisco Duo Cisco Duo Identity Summit Preview | Cisco Duo Duo Brings Identity and Authorization Across AI Agent Gateways | Cisco Duo Passwordless for Microsoft 365 starts with federation Custom Admin Roles: Granular control for every Duo admin Token theft, vendor abuse, and the new identity threat surface How Duo Directory automates user lifecycle management Cisco Systems Named a Customers’ Choice in Gartner Peer Insights™ 2026 Voice of the Customer for Access Management Identity provider resilience: backup and split IdP approaches | Cisco Duo Agentic AI Security: Three Threats Your Team Should Know | Cisco Duo IdP Concentration Risk: Why Single-IdP Dependency Puts You at Risk | Cisco Duo Endpoint Management as an Attack Vector: Lessons from Stryker | Cisco Duo Passwordless authentication without cookies: Duo Push updates Introducing Duo Agentic Identity Solving the double prompt: Better UX with AMR in Duo SSO Simplify compliance with MFA, device trust, and policies Cisco Systems Named a Customers’ Choice in Gartner® Peer Insights™ 2026 Voice of the Customer for User Authentication Why identity-led security matters for MSPs right now The Hitchhiker’s Guide to Shibboleth Launching Active Directory Defense: Strengthen On-Prem AD Security | Duo Security Industry specific IAM for MSPs Duo delivers: 99.99% uptime SLA for every customer
Secure client access at scale with Duo and Meraki | Cisco Duo
Janet Ho · 2026-04-21 · via The Duo Blog

Industry News

Headshot of Janet Ho, Duo Product Team

4 minute read

Many MSPs are helping clients build a stronger security foundation. But getting there isn't always straightforward. It takes time, resources, and alignment across teams. Yours and theirs.

Meanwhile, threats aren't waiting.

Attackers aren't breaking in anymore. They're logging in.

Many of your clients still rely on passwords and legacy access controls that weren't designed for today's attacks that target logins, not systems. Some have MFA in place, but the challenge is coverage and effectiveness. Ensuring it's enforced at the right access points and resistant to modern phishing attacks.

According to Cisco Talos' 2025 Year in Review, VPNs are one of the top identity control points attackers target because VPNs authenticate users with credentials, and credentials get stolen. Without phishing-resistant MFA on the VPN, a stolen password is all an attacker needs to create a fully trusted session and move freely as a valid user. No forced entry. No alerts.

And they're not stopping at the VPN. Talos found that MFA itself is under direct attack: device compromise attacks where attackers fraudulently register their own device as a trusted MFA factor surged 178% in 2025.

That's not a technology failure. That's your clients' exposure.

According to Microsoft's 2025 Digital Defense Report, phishing-resistant MFA blocks over 99% of identity-based attacks, making it one of the most effective controls you can deploy across your client base.

At the same time, expectations are rising.

Your clients are being pushed to adopt stronger access controls as users, devices, and applications connect from everywhere. But in practice, rolling out these frameworks introduces friction. New policies to configure, identity and device signals to align, and controls to integrate across existing systems.

For MSPs, this gets harder at scale.

Managing multiple tenants, stitching together tools from different vendors, and maintaining consistent security policies across client environments increases operational overhead, drives up costs, and pulls focus away from what actually matters: reducing client risk.

This is the gap most MSPs are feeling: high client expectations. Limited capacity.

Ready to take the first step? The Service Creation Guide walks through how to package identity-led access security into a scalable, revenue-generating managed service. If you have clients to bring along, the at-a-glance gives them a quick summary they can act on today.

Cyber insurers are also raising the bar. They're no longer satisfied with checkbox compliance. They expect continuous validation that controls like MFA are actively enforced. Your clients need to demonstrate measurable identity security to maintain coverage and manage premiums. As their trusted security partner, MSPs are on the hook to help them prove it.

So where do you start?

You don't need to overhaul everything. You need to focus on where attackers actually get in. Small steps starting with securing access can reduce client risk today while moving them toward a security model where only the right people get in, without introducing extra work for your team.

If you're looking for immediate traction across your client base, start with the access points attackers rely on most—VPN, Wi-Fi, and administrative systems. Critical access points like Remote Desktop Protocol (RDP) and server logins are often overlooked or inconsistently protected across client environments, especially in hybrid setups. Extending phishing-resistant MFA to these remote desktop and server logins closes another common gap and gives you another high-value control point to offer clients.

Cisco Duo verifies identity using phishing-resistant MFA and adaptive access policies. Meraki enforces access at the network layer.

Together, they secure VPN, Wi-Fi, and administrative access across your clients without adding complexity or slowing your team down.

Here’s what Cisco Duo and Meraki deliver:

Without Duo + Meraki

With Duo + Meraki

Shared credentials across client sites

Duo verifies identity and device trust before granting access

Siloed identity and network data

Correlated audit trails in one place

Complex multi-vendor rollouts

Fast deployment, up and running quickly

Reactive compliance evidence gathering

Exportable logs ready at renewal time

Duo and Meraki give your team clear audit trails, exportable compliance logs, and fast deployment across every client. And with Duo Essentials, you also get passwordless authentication and single sign-on (SSO) — so users get a smoother login experience while your team avoids managing multiple credentials across every client.

This doesn't have to be an all-or-nothing transformation. For your clients, meaningful progress starts with securing how they get in. Lock down access first. Everything else follows.

Frequently asked questions

  • What is phishing-resistant MFA and why do MSPs need it?

    Phishing-resistant MFA uses advanced methods like cryptographic, passwordless authentication (e.g., FIDO2/WebAuthn) or proximity-based verification to block identity-based attacks. These approaches ensure that even if credentials are stolen, attackers cannot bypass authentication. By using extra layers of security, like secure codes or checking if a user is nearby, it ensures only the right people can access sensitive systems, making it essential for MSPs.

  • How do Cisco Duo and Meraki work together to secure client access?

  • Why are cyber insurers requiring phishing-resistant MFA?