Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

• Public Preview for a Redesigned Duo Mobile
• Successful Authentications in Trust Monitor
• Ability to Pause Directory Syncs
• Change to Operating Systems Policy
• Display of non-ASCII Characters in Emails
• New Device Identifier Fields for Admin API

New and updated applications

• Duo Mobile for iOS Version 3.58.0
• Duo Mobile for Android Version 3.58.0

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Announcing public preview for Duo Mobile version 4.0.0

• Sign up to preview a completely redesigned Duo Mobile experience.
• Learn more in this Duo Community post.

Anomalous events that contain successful authentications now flagged in Duo Trust Monitor

• Trust Monitor, a threat detection feature, now surfaces when anomalous events contained successful authentications.
• The details for a security event of this type will list a potential cause of Granted Authentication In Sequence.
• Learn more in this related Duo blog post. Note that this feature was added to Trust Monitor in D217.

Scheduled directory syncs can now be paused and resumed later

• Added the ability to pause and then resume scheduled directory syncs for Active Directory, Azure AD, and OpenLDAP. Note that when scheduled syncs are paused, users are still treated as synced and cannot be edited.
• For Azure directories, in addition to manual pause/resume, Duo will continue to automatically pause syncs when we detect that the sync needs to be reauthorized. Reauthorization will continue to automatically resume syncs.

Change to operating systems policy behavior for applications that do not report OS version information

• Authentications from applications that do not report OS version information in the user-agent string will no longer be blocked when the operating systems policy is set to Block versions > Static versions.

Improvements to display of non-ASCII characters in email addresses

• Email addresses for Duo administrator and users that use non-ASCII characters will now be displayed in human-readable form in the Duo Admin Panel.

Endpoint records retrieved via the Duo Admin API now contain additional device identifier fields

• Endpoint records returned by /admin/v1/endpoints now contain the following new fields:
  • computer_sid
  • cpu_id
  • device_id
  • device_udid
  • domain_sid
  • hardware_uuid
  • machine_guid
• The fields will return an empty string if no value was collected.
• macOS endpoints will also have an identifier in the hardware_uuid field from either the Duo Device Health application or from certificates provided by Trusted Endpoints integrations.
• Windows endpoints will have an identifier in cpu_id, computer_sid, domain_sid, and machine_guid fields from the Device Health app if used. The LANDESK and Generic Windows Trusted Endpoints integrations will also populate the cpu_id field.
• Note that the machine_guid is now the primary identifier for Windows devices, and will be preferred when attempting to match an endpoint during an authentication.

New and updated applications

Duo Mobile for iOS version 3.58.0 released

• Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Duo Mobile for Android version 3.58.0 released

• Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Bug fixes

• Fixed a bug in which device health checks where a non-blocking Device Health app policy was present could prevent users from successfully completing second-factor authentication.