If you have noticed you are being required to approve a Duo Push, or use your security key more often, this is because of Duo's Risk-Based Authentication (RBA). While RBA is not new to Duo, Risk-Based Remembered Devices was recently added to provide additional security to Duo's Remembered Devices feature by adapting the duration of remembered device sessions in response to risk.
Duo Risk-Based Remembered Devices evaluates each authentication based on its relation to the user's IP address history. Authentications from previously unseen network locations are identified as higher-risk and require reauthentication. 30 days of successful authentications in user activity are considered.
In situations where you move from off to on campus, you move to new locations on campus, or connect to a VPN, your device(s) may connect to a different network and obtain a different IP address. If Duo hasn't seen that IP address on your account in the last 30 days, Duo will require you to establish a new device session by approving a Duo Push, entering a passcode generated from the Duo Mobile app, or verifying with a security key/passkey.