Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

• Duo’s Microsoft AD FS Integration Now Supports the Duo Universal Prompt
• IE 11 End of Support Announced for Duo Admin Panel
• Improved UI Messaging for Duo Authentication Proxy Updates
• Renamed Generic SAML Integration Type
• New Duo IP Ranges Updated After Customer Deployment Upgrades

New and updated applications

• Duo Authentication for AD FS v2.0.0 for Windows 2012 R2 and later
• Duo Authentication Proxy 5.7.0
• Duo Device Health Application Production Version 2.25.0 for macOS and Windows
• Duo Device Health Application Public Beta Version 2.25.1 for macOS and Windows
• Duo Mobile Version 4.15.0 for Android
• Duo Mobile Version 4.15.0 for iOS

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Duo’s Microsoft AD FS integration now supports the Duo Universal Prompt

• As of May 12, 2022, Duo integration with Microsoft Active Directory Federation Services (version 3.0 and later) supports the Universal Prompt.
• The Universal Prompt is Duo’s next-generation authentication innovation, providing an MFA experience for web applications that is more secure, easier to use, and brand customizable. Learn more about how end-users experience the Universal Prompt, and our Duo Universal Prompt Update Guide.
• Existing AD FS applications now show the “App Update Ready” label, and newly-created AD FS applications have Universal Prompt enabled by default.
• Install Duo Authentication for AD FS v2.0.0 for Windows 2012 R2 and later to experience the Universal Prompt during AD FS logons.

End of support for Internet Explorer 11 announced for Duo Admin Panel

• Effective June 15, 2022, Duo will end support for Internet Explorer 11 for authentications to the Duo Admin Panel. Note that Microsoft has announced plans to end support for all versions of IE on certain operating systems on June 15, 2022. Duo’s web-based traditional prompt and Universal Prompt will continue to support IE 11 after June 15, 2022.
• Administrators logging in to the Admin Panel on IE 11 will see a message on the login screen notifying them of the end of support date.

Improved UI message flags when Duo Authentication Proxy has a pending update

• When viewing the configured Authentication Proxies for Duo Single Sign-On, you will now see a message recommending an upgrade when the proxy is out of date.

Authentication Proxy2862×1446 317 KB

Renamed generic SAML integration type

• In the Duo Admin Panel, under Applications > Protect an Application, the application type used to configure a generic SAML application for use with Duo Access Gateway or Duo Single Sign-On has been relabeled from Generic Service Provider to Generic SAML Service Provider.
• For existing applications configured before D240, the label in the Name column will remain unchanged. The label in the Type column will be relabeled to Generic SAML Service Provider. Applications created after D240 will have Name and Type of Generic SAML Service Provider.

New Duo IP ranges updated after customer deployment upgrades

• As part of Duo’s ongoing commitment to provide security to customers around the globe, we expanded our deployments to new data centers in India and London.
• Recommended: Review this Duo Knowledge Base article for best practices and to ensure your firewall allow list permits traffic from the current set of Duo cloud service IP ranges and hostnames.
• Note that Duo does not recommend locking down your firewall to individual IP addresses because these may change over time to maintain our service’s high availability.

New and updated applications

Duo Authentication for AD FS v2.0.0 for Windows 2012 R2 and later released

• Duo Universal Prompt support with OIDC standards-based redirects and frameless prompt.
• Validated support AD FS on for Windows Server 2019 and 2022.
• The installer now defaults to “fail closed” for net new installations. Upgrades preserve the previous fail mode selection.
• The installer now defaults to TLS 1.2 communications with Duo’s service when verifying the application information. The silent install workaround for TLS 1.0 required in previous versions is no longer needed.
• Duo files now use SHA-256 signing.
• The Duo AD FS support script is now bundled with the installer. Use this script at the direction of Duo Support.
• Corrected an issue where the Duo for AD FS application’s registry entries may be corrupted after a repair installation.
• Corrected an issue where the installer created a duplicate registry entry for Duo.

Duo Authentication Proxy 5.7.0 for Windows and Linux released

• Twisted has been updated to include the fix for CVE-2022-21712.
• Improved security by signing all Windows Authentication Proxy binaries.
• Added LimitNOFILE option to the Linux Authentication Proxy systemd init script to maximize authentication performance.
• Fixed traceback when the last [cloud] section is invalid, which caused Authentication Proxy errors on start.

Duo Device Health application production version 2.25.0 released

• macOS production version 2.25.0.0
  • Minor improvements and enhancements.
• Windows production version 2.25.0
  • Fixed detection of Sophos Anti-Virus and Sophos Intercept X.
  • Fixed a bug in which Device Health failed to detect the firewall when the WindowsFirewall\StandardProfile registry key was present.
  • Minor improvements and enhancements.

Duo Device Health application public beta version 2.25.1 released

• macOS public beta version 2.25.1.0
  • Added support for silent updates, a feature that enables the Device Health application to update itself without the need for local administrative privileges, password entry, or clicking through an install wizard.
• Windows public beta version 2.25.1
  • Added support for silent updates, a feature that enables the Device Health application to update itself without the need for local administrative privileges, password entry, or clicking through an install wizard.
  • Fixed a bug in which Device Health failed to detect the firewall when the WindowsFirewall\StandardProfile registry key was present.
  • Fixed issue with DuoConnect integration

Duo Mobile for Android version 4.15.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.15.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

• Fixed an Azure Active Directory Sync error when syncing users by username or in batches of eight users or more.
• Implemented four fixes to Admin Panel bugs deployed with D239:
  • Fixed Missing Required Inputs error that prevented an administrative user from switching MSP sub-accounts under the Admin Panel Accounts tab.
  • Fixed a bug that corrupted the Mail attribute and Source Anchor attribute values when saving changes to the Duo Single Sign-On for Microsoft 365 application.
  • Fixed a user interface bug that prevented configuration of Offline Access Settings when trying to limit access by groups in the Duo for Windows Logon and RDP application.
  • Fixed a user interface bug where adding multiple Map Attributes for Duo Single Sign-On applications (e.g. Generic SAML Service Provider) broke dropdown field formatting.