Installing Duo disables all other installed logon credential providers. Windows smart card logon provider can be enabled in the Duo installer, but other credential providers are hidden. FAS Credential Provider needs to be manually whitelisted in Duo to skip Duo authentication.

Reference: Can I enable other credential providers after installing Duo Authentication for Windows Logon?

"Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it."

"Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items."

Add this Registry to the VDA.

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv

Type: REG_MULTI_SZ

Name: ProvidersWhitelist

Data: {81C8E4DC-B376-4D88-BCCD-BD0DD65BEE2B}

This is the CitrixMirrorCredentialProvider listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.

Caution! Refer to the Disclaimer at the end of this article before using the Registry Editor.

If Duo Authentication for Windows Logon is installed on the VDA, FAS doesn't work. FAS events are not generated on the VDA and an authentication prompt is displayed at launch.