Your comments

Hi Craig,

After you accept the push request on your phone, you just leave the 2FA field empty in Control and submit; it doesn't check what you put in that field when using Duo.

When you log in and check the "Trust this device" checkbox, it saves the expiration of the trust within the cookie based on the current TrustDeviceExpireDays setting. So the device you clicked "Trust this device" on will be trusted for 30 days. If you set TrustDeviceExpireDays to 0, it disables trusting new devices from that point forward.