D230: Duo Release Notes for December 10, 2021

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes

See all bug fixes


New features, enhancements, and other improvements

GA timeline announced for Duo Universal Prompt

  • The Duo Universal Prompt, our redesign of Duo’s core authentication experience for web-based applications, is scheduled to become generally available in late January / early February 2022.
  • Administrators can decide when to enable the new prompt for existing applications. The Universal Prompt will be the default experience for newly created applications. You can choose to use the traditional Duo Prompt if you prefer. Note: Not all Duo-protected applications support the Universal Prompt. Refer to our documentation for more information.
  • At GA, the Universal Prompt will provide feature parity for Duo’s MFA and Access editions; Beyond edition endpoint features and policies are still under development. The Universal Prompt will fall back to the current Duo Prompt UI to complete workflows required for Duo Beyond edition features that have not yet been built into the new prompt.
  • The traditional prompt experience and Web SDK v2 applications remain supported through the Universal Prompt preview period and after GA. Duo will communicate well in advance of the end-of-support date, allowing at least 18 months for migration to supported solutions.

Announcing public preview for Duo Passwordless

  • Duo Passwordless is now available for public preview for Duo MFA, Access, and Beyond edition customers in U.S.-based and select international Duo service regions.
  • Duo Passwordless uses biometric platform authenticators and security keys to secure application access without passwords, reducing the risk surface and administrative burden associated with passwords while improving the user experience. Users can log in with a single gesture that provides the security of two authentication factors.
  • Refer to our documentation for more information about public preview, how to set up Duo Passwordless, and the end-user experience.

Duo Mobile activation links can now be sent via email for individual users

  • Administrators now have the option to send Duo Mobile activation links for individual users via email. Previously, these could only be sent via SMS for individual users. This setting appears in the Duo Admin Panel under 2FA Devices > Phones > Activate Duo Mobile.

New report for monitoring a Duo Device Health app rollout

  • Added a new report in the Duo Admin Panel at Reports > Device Health Deployment to allow administrators to monitor the progress of a Device Health app rollout. The report includes such details as:
    • Proportion of authentications with and without the Device Health app.
    • Number of eligible endpoints with and without the Device Health app.
  • In addition, new versions of the Device Health app were released for macOS and Windows. See the next section for details.

New and updated applications

Trusted Endpoints for Microsoft Intune with Device Health now generally available

  • Intune with Device Health uses the Duo Device Health application to verify device trust on Intune-managed Windows endpoints without reliance on device certificates. When users authenticate to applications protected with Duo’s browser-based prompt, Duo matches the device information reported by the Device Health app with managed device information obtained from Intune via API.
  • Note: The Device Health app is not currently able to collect device identifiers from Autopilot devices. Do not use Windows Autopilot to enroll or refresh the devices on which you want to check for device trust with the Device Health app. Intune devices that are set up with Windows Autopilot will be supported in a future version of the Device Health app.
  • For instructions on migrating from Trusted Endpoints certificates to Trusted Endpoints with the Device Health app, refer to this Duo Knowledge Base article.
  • With the release of Device Health support for Intune, you can no longer create new certificate-based Intune integrations. Duo continues to support existing Intune Windows certificate deployments and will do so until the integration reaches end-of-life status, planned for the second half of 2022.
  • In addition, the instructions for configuring Intune integrations have been updated to specify a narrower scope of API permissions for Azure Active Directory than previously required. Previously created integrations do not need to be adjusted.

Duo Unix version 1.11.5 released

  • Adds support for Debian 11.
  • Ends support for Debian 8 and CentOS. Functionality of existing installations of earlier Duo Unix releases on these operating system versions unaffected.
  • Fixed MOTD display for non-interactive sessions.
  • The support tool now also collects the sudo PAM configuration file.
  • Updated pinned certificates.

Duo Mobile for iOS version 4.4.0 released

  • Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Duo Mobile for Android version 4.4.0 released

  • Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Duo Device Health application version 2.20.0.0 for macOS and version 2.20.0 for Windows 10 released; plus public beta releases version 2.20.1.0 for macOS and version 2.20.1 for Windows

  • For macOS:
    • Minor improvements and enhancements.
  • For Windows:
    • Disabled online Windows update check by default.
    • Fixed an issue causing opt-in of automatic check for updates despite setting the registry key to disable automatic check for updates before the app was first installed.
  • Public beta release for macOS:
    • Added retry functionality when the app fails to post health data.
  • Public beta release for Windows:
    • Updated button styling in the DuoConnect UI.
    • Added fallback detection of Intune ID to support Autopilot.
    • Updated DuoConnect error logging to reduce the amount of logs produced.

Bug fixes

  • No bug fixes this release.