D240: Duo Release Notes for May 13, 2022

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Duo’s Microsoft AD FS integration now supports the Duo Universal Prompt

End of support for Internet Explorer 11 announced for Duo Admin Panel

  • Effective June 15, 2022, Duo will end support for Internet Explorer 11 for authentications to the Duo Admin Panel. Note that Microsoft has announced plans to end support for all versions of IE on certain operating systems on June 15, 2022. Duo’s web-based traditional prompt and Universal Prompt will continue to support IE 11 after June 15, 2022.
  • Administrators logging in to the Admin Panel on IE 11 will see a message on the login screen notifying them of the end of support date.

Improved UI message flags when Duo Authentication Proxy has a pending update

  • When viewing the configured Authentication Proxies for Duo Single Sign-On, you will now see a message recommending an upgrade when the proxy is out of date.

Renamed generic SAML integration type

  • In the Duo Admin Panel, under Applications > Protect an Application, the application type used to configure a generic SAML application for use with Duo Access Gateway or Duo Single Sign-On has been relabeled from Generic Service Provider to Generic SAML Service Provider.
  • For existing applications configured before D240, the label in the Name column will remain unchanged. The label in the Type column will be relabeled to Generic SAML Service Provider. Applications created after D240 will have Name and Type of Generic SAML Service Provider.

New Duo IP ranges updated after customer deployment upgrades

  • As part of Duo’s ongoing commitment to provide security to customers around the globe, we expanded our deployments to new data centers in India and London.
  • Recommended: Review this Duo Knowledge Base article for best practices and to ensure your firewall allow list permits traffic from the current set of Duo cloud service IP ranges and hostnames.
  • Note that Duo does not recommend locking down your firewall to individual IP addresses because these may change over time to maintain our service’s high availability.

New and updated applications

Duo Authentication for AD FS v2.0.0 for Windows 2012 R2 and later released

  • Duo Universal Prompt support with OIDC standards-based redirects and frameless prompt.
  • Validated support AD FS on for Windows Server 2019 and 2022.
  • The installer now defaults to “fail closed” for net new installations. Upgrades preserve the previous fail mode selection.
  • The installer now defaults to TLS 1.2 communications with Duo’s service when verifying the application information. The silent install workaround for TLS 1.0 required in previous versions is no longer needed.
  • Duo files now use SHA-256 signing.
  • The Duo AD FS support script is now bundled with the installer. Use this script at the direction of Duo Support.
  • Corrected an issue where the Duo for AD FS application’s registry entries may be corrupted after a repair installation.
  • Corrected an issue where the installer created a duplicate registry entry for Duo.

Duo Authentication Proxy 5.7.0 for Windows and Linux released

  • Twisted has been updated to include the fix for CVE-2022-21712.
  • Improved security by signing all Windows Authentication Proxy binaries.
  • Added LimitNOFILE option to the Linux Authentication Proxy systemd init script to maximize authentication performance.
  • Fixed traceback when the last [cloud] section is invalid, which caused Authentication Proxy errors on start.

Duo Device Health application production version 2.25.0 released

Duo Device Health application public beta version 2.25.1 released

Duo Mobile for Android version 4.15.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.15.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

  • Fixed an Azure Active Directory Sync error when syncing users by username or in batches of eight users or more.
  • Implemented four fixes to Admin Panel bugs deployed with D239:
    • Fixed Missing Required Inputs error that prevented an administrative user from switching MSP sub-accounts under the Admin Panel Accounts tab.
    • Fixed a bug that corrupted the Mail attribute and Source Anchor attribute values when saving changes to the Duo Single Sign-On for Microsoft 365 application.
    • Fixed a user interface bug that prevented configuration of Offline Access Settings when trying to limit access by groups in the Duo for Windows Logon and RDP application.
    • Fixed a user interface bug where adding multiple Map Attributes for Duo Single Sign-On applications (e.g. Generic SAML Service Provider) broke dropdown field formatting.