D226: Duo Release Notes for October 15, 2021

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes

New and updated applications

Duo Mobile version 4.0.0 rolling out for iOS and Android

  • A redesigned Duo Mobile is being released October 11 through 15 (for Android) and October 11 through 18 (for iOS).
  • If users have automatic app updates enabled on their device, they will receive the new version of Duo Mobile automatically. They can also update Duo Mobile manually. Duo administrators do not need to take any action to update the app for their users.
  • For more information about the benefits of version 4.0.0, supported OS versions, and a video walkthrough of the new app, refer to this Duo Community post.
  • For updated end-user documentation, refer to our End User Guide for iOS and Android.

Duo Authentication Proxy version 5.5.0 released

  • Updates the Authentication Proxy’s bundled OpenSSL to version 1.0.2x to address the NULL pointer dereference issue described in CVE-2020-1971.
  • Verified on Windows Server 2022.

New certificate-less versions of Duo Trusted Endpoints integrations for iOS released; easier deployment and improved user experience

  • Released new versions of the following Trusted Endpoints integrations for iOS:
  • These new versions remove the need for device certificates, using AppConfig instead. They also introduce a simpler authentication flow for users known as Duo Mobile Inline Auth that removes an extra step for users when interacting with Duo Mobile as part of the device health check.
  • Now that these updated MDM integrations have been released, you will also no longer be able to create new certificate-based versions. While the older certificate-based Trusted Endpoints MDM integrations are still supported, they will eventually reach end-of-life status, planned for the second half of 2022.
  • For instructions on how to update certificate-based integrations to these new versions, refer to this Duo Knowledge Base article.

Duo Device Health application version for macOS and 2.18.0 for Windows released

  • For macOS:
    • Improved certificate management and added certificate reloading when new certificates become available.
    • Minor improvements and enhancements.
  • For Windows:
    • Supports Windows 11.
    • Added collection of Intune ID.
    • Added collection of Instance GUIDs for security agents.
    • Minor improvements and enhancements.

1Password now capable of supporting the Duo Universal Prompt

New features, enhancements, and other improvements

Enhancements to Duo Universal Prompt user self-enrollment flow

  • As part of the public preview of the Universal Prompt, users enrolling in Duo via in-line self-enrollment will now be encouraged to add a second authentication factor in order to have a backup method for logging in. This is a usability improvement from the traditional in-line enrollment experience.
  • Users can skip enrolling a second authentication factor if desired. Available authentication factors are still based on the configured authentication methods policy, as in the traditional prompt.

Frozen browser versions will impact ability of Duo operating systems policy to detect Windows 11 devices; use Duo Device Health app instead

  • With the recent release of Windows 11, major browsers have frozen the reported version for Windows devices at 10.0. This change impacts the behavior of Duo’s operating systems policy for Windows.
  • To enforce a policy of Windows 11 as the most up-to-date OS, we recommend you use the Duo Device Health application, included at no additional cost in Duo Access and Beyond editions. On devices running the Device Health app, OS policy is enforced based on the OS version reported directly by the device rather than the browser’s user agent string.
  • For more information, refer to this Duo Knowledge Base article.

Duo Trust Monitor security events now include labels for known VPN or TOR networks

  • Added labels to IP addresses displayed as part of Trust Monitor security events if they are associated with a known VPN or TOR network.

Bug fixes

  • No bug fixes this release.