During the initial VPN authentication, users did not receive DUO push to continue with the authentication process.
All VPN/DUO users.
No DUO push prevented users from completing authentication and thus from using VPN.
DUO proxy servers failed to bind with Active Directory, after a security policy rollout to increase the security for AD and client communications.
The change was reverted. We are looking into alternatives to implement this Microsoft recommendation.
Schedule this type of changes during midnight hours or Sunday maintenance windows with a test plan in place.