This needs to be able to be completely removed from non-admin security roles so that regular users cannot see the command history that was used.  Good example...  some of our admins have been using the Command feature to update local computer administrative passwords.  We cannot have this visible to regular users.

We need to see duo properly implemented as soon as possible.  We're required to have 2FA for PCI-DSS compliance, and not all of our users have Smartphones.