Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
- Known Incompatibilities with Duo Authentication for macOS and Duo Trusted Endpoints on macOS 12.3
- Updated New User Flow for Duo Device Health Application
- Twice Daily Duo Directory Syncs
- Created Date Added for Administrators
New features, enhancements, and other improvements
Apple released macOS Monterey 12.3 on March 14. The new OS version removes Python 2 as a pre-installed scripting library. This dependency change impacts Duo Authentication for macOS and Duo Trusted Endpoints certificate-based integrations on macOS.
Duo Authentication for macOS
- If you use or plan to use Duo Authentication for macOS, we recommend that you delay installation of macOS 12.3 until we release version 1.1.1 of Duo for macOS. The current Duo installer is not compatible with macOS 12.3, and new installations will fail. If you update a system that already has Duo Authentication for macOS to the recent 12.3 release, then Duo authentication may not function, allowing users to log in without 2FA. In addition, the uninstall Python script will not work. We are preparing an updated installer to add full macOS 12.3 support.
Duo Trusted Endpoints certificate-based integrations on macOS
- We recommend that you delay updates to macOS 12.3 on machines using specific certificate-based Trusted Endpoints integrations for macOS until we release a new certificate enrollment script that is compatible with macOS 12.3. After updating to 12.3, Duo device trust new certificate issuance and existing certificate renewals may fail, which can result in blocked authentications.
- This issue affects the following integrations: the Generic Certificate Deployment and Manual Certificate Deployment for macOS, and the Jamf Pro Managed Devices integration that relies on certificates rather than the Duo Device Health app.
Change to new user enrollment flow when using Duo Device Health Application
- Introduced a minor change to the new user enrollment flow for the Device Health app. Users can now enroll in Duo and install the Device Health app as a single workflow. Previously, these were separate steps. Learn more in this Duo Knowledge Base article.
- Your choice of Device Health policy configuration options will determine the new user enrollment experience for the app.
- With a policy configuration of “Don’t require users to have the app,” you can now select an option in the Duo Admin Panel policy editor to allow users to install the app when they enroll in Duo for the first time via the Duo authentication prompt. Users also have the option to skip the download and do it later. This option to allow users to download the app during enrollment is disabled by default for existing Duo customers.
- With a policy configuration of “Require users to have the app,” users enrolling in Duo for the first time via the Duo authentication prompt will be prompted to install the Device Health app by default. This setting is not configurable by administrators. Users will not be able to skip the download.
Duo Directory Synchronization will now run twice daily
- Directory Syncs for Active Directory, Azure AD, and OpenLDAP will now default to running twice per day (every 12 hours), rather than once per day. Administrators may still initiate an on-demand sync from the Admin Panel or programmatically via the Duo Admin API.
- Added a “Date created” field on the Administrator details page in the Admin Panel. Administrators created before October 2021 will display the message “Before creation tracking began (October 2021).”
New and updated applications
Duo Mobile for iOS version 4.11.0 released
- Beginning with version 4.10.0 and later, end-users can export diagnostic logs in JSON format for use in troubleshooting. Go to Settings > Share Debug Info to copy or save the logs.
- Other miscellaneous bug fixes and behind-the-scenes improvements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
Duo Splunk Connector version 1.1.9 released
- Updated to jQuery 3.5+ for security fixes.
- Updated Splunk-SDK to 1.6.15 to support new version.
- Minor update to the order of policy control evaluation, to provide a consistent experience across all end-user contexts. Note that this change does not affect the result of policy evaluation in cases where multiple policies interact during an authentication attempt; it only adds consistency to the reasons for how policies are applied in those circumstances.