Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
What’s in this release?
New features, enhancements, and other improvements
- New Duo Mobile SMS URL Reactivation in Duo Universal Prompt
- Duo Admin Panel Option for Universal Prompt Email Enrollment Experience
- Deleting End-user Devices Now Revokes Remembered Devices Application Sessions
- New User 2FA Device Enrollment in the Duo Central Self-Service Portal
- Duo Marked Windows 10 20H2 End-of-Life in OS Policy on June 14, 2022
- End of Support for Internet Explorer 8 and Older Firefox Versions in the Web-Based Authentication Experience
New and updated applications
- Duo Device Health Application for macOS Production Version 2.27.0.0
- Duo Device Health Application for Windows 10 and 11 Production Version 2.27.0
- Duo Device Health Application for Windows 10 and 11 Beta Version 2.27.1
- Duo Mobile 4.19.0 for Android
- Duo Mobile 4.19.0 for iOS
Bug fixes
New features, enhancements, and other improvements
New Duo Mobile SMS URL reactivation in Duo Universal Prompt
- End-users reactivating Duo Mobile for a new or factory reset device can now receive a unique reactivation URL by SMS instead of a 6-digit code. Administrators can enable this feature in the Duo Admin Panel by enabling the self-service portal and SMS as an authentication method.
- End-users trying to authenticate with a new device have an opportunity to self-enroll when the Duo Push authentication times out, or from the Universal Prompt “Open Duo Mobile” page. The end-user clicks “Need help?” to open the self-service portal, or “I got a new phone” to go directly to device reactivation.
- Under “How can we help?” in the self-service portal, the end-user clicks “Activate Duo Mobile”.
- If the end-user clicks “Text me a link”, the Universal Prompt presents the “Check your phone” page.
- Duo sends an SMS with this text: “Link to activate Duo Mobile: reactivation_url Didn’t request? Please tell your IT admin.” When the end-user loads the reactivation_url, Duo Mobile is reactivated on their device, and the authentication is completed.
- If the end-user clicks “I got a new number”, the Universal Prompt presents the “New number?” page. Clicking “Continue” opens Device Management, where the end-user can enroll a new device.
Duo Admin Panel option for Universal Prompt email enrollment experience
- Under Admin Panel > Settings > User Communication > Enrollment email, the new “Enrollment experience” toggle lets administrators opt in to the Universal Prompt user experience when end-users load their email enrollment link.
- For customers who signed up before June 2022, the default is set to show the traditional prompt. For customers who sign up after June 2022, the default is set to show the Universal Prompt.
Deleting end-user devices now revokes remembered devices application sessions
- When an administrator deletes an end-user device, Duo revokes the end-user’s “Remember me for” and “Trust this browser” sessions. Applications will require 2FA for the user the next time they log in.
New user 2FA device enrollment in the Duo Central self-service portal
- Added an Admin Panel option to “Allow unenrolled users to enroll 2FA devices” into Duo when the New User Policy is set to “Allow Access without 2FA”.
- If a user has the New User Policy “Allow Access without 2FA” applied to them and attempts to manage their devices, Duo will create a fully enrolled new user and send them to the Universal Prompt device management portal, where they can enroll an authentication device.
Duo marked Windows 10 20H2 end-of-life in OS policy on June 14, 2022
- Microsoft announced that Windows 10 Home and Pro version 20H2 reached end-of-servicing status in May 2022 and will no longer receive security updates.
- If users log into your protected applications from devices with Windows 10 Home or Pro version 20H2 installed, review your operating systems policy to determine whether users will be warned or blocked from authentication.
End of support for Internet Explorer 8 and older Firefox versions in the web-based authentication experience
- Beginning June 30, 2022, Duo no longer supports these browser versions for our web-based authentication experience:
- This includes logins to the traditional web-based Duo Prompt or via Duo Access Gateway or Duo Single Sign-On.
New and updated applications
Duo Device Health Application for macOS production version 2.27.0.0 released
- Fixed detection of Bitdefender.
- Expanded port range to reduce communication issues with the app.
- Added support script to aid in troubleshooting.
- Minor improvements and enhancements.
Duo Device Health Application for Windows 10 and 11 production version 2.27.0 released
- Fixed an issue that could cause the app to crash in certain environments.
- Expanded port range to reduce communication issues with the app.
- Added support script to aid in troubleshooting.
- Minor improvements and enhancements.
Duo Device Health Application for Windows 10 and 11 beta version 2.27.1 released
- Fixed an issue with collecting device identifiers that could cause health checks to fail.
Duo Mobile for Android version 4.19.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements
Duo Mobile for iOS version 4.19.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements
Bug fixes
Duo Admin Panel
- The administrator actions log report for the Duo directory synchronization actions “Added directory for sync”, “Deleted Directory”, “Azure Active Directory sync created”, and “Azure Active Directory deleted” will no longer include the attributes “Vacuum lock” and “Is setup complete”.
- Fixed a privilege escalation vulnerability that allowed an administrator with the Billing role to become an effective Owner by downgrading to the Duo Free edition if the account had fewer than 10 users.
- Fixed a bug that omitted User-Agent Client Hints information about the authenticating OS from the Authentication Log.