D250: Duo Release Notes for Sept 30, 2022

Hello everyone! Here are the release notes for our most recent updates to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes


New features, enhancements, and other improvements

Duo Multifactor for Okta with the Duo Universal Prompt now in general availability

Duo operating systems policy now considers iOS 16 the latest version

  • iOS operating systems policies configured to take action “if less than the latest” will now Encourage users to update and/or Block in response to 2FA requests or attempts to access protected applications from devices with iOS 15 or earlier.
  • iOS 15 is now considered supported but not up-to-date.

Duo Trusted Endpoints certificate authority update

  • Duo’s cloud PKI provider updated its certificate authority on September 22, 2022.
  • In August 2022, Duo announced it was extending support for device certificates used with Trusted Endpoints for at least another year. The certificate authority update allows Duo to continue issuing certificates used to verify device trust as part of our Trusted Endpoints feature.
  • Certificates issued to Duo Device Authentication after this update will show an Issued by value of Duo Endpoint Validation Issuing CA 2. Certificates issued to Duo Device Authentication before this update will show an Issued by value of Duo Endpoint Validation Issuing CA 1.
  • Active Directory Domain Services integrations that rely on certificates need to be updated in order to continue issuing certificates with a full year of validity. If you do not update these integrations, 1-year certificates that you provision or renew after September 22, 2022 will not have a full 12 months of validity due to the changes to our certificate authority.

Duo Directory Sync from Azure Active Directory now pauses on connection errors

  • The first time Duo’s sync process encounters an Azure connection error, Duo sends a notification email to all Duo administrators with the Owner, Administrator, or User Manager roles and immediately pauses scheduled syncs.

Duo Authenticators Policy name change

  • The Authenticators Policy formerly known as Risk-based authentication is now Risk-based factor selection. The feature as a whole is still known as Risk-Based Authentication.

Duo Admin Panel Applications table now sorts by Type

  • When sorting by Type, Applications will sort secondarily by Name.

New and updated applications

Duo Device Health beta version 3.0.1.0 for macOS and 3.0.1 for Windows released

  • Minor improvements and enhancements.

Duo Mobile for Android version 4.25.0 released

Duo Mobile for iOS version 4.25.0 released

Bug fixes

Fixed two security issues affecting specific configurations of Duo authentication methods and Remembered Devices policies. Before the fix, a user with an established “Remember me” session could have accessed a protected application using an authentication method that was not allowed for that application or by using a previously allowed authentication method that had since been updated in policy by a Duo administrator.

The latest version of iPadOS is 15.7 but it’s considered as iOS in the Duo policy settings. So now I have a bunch of iPads that are failing the global policy setting of using the latest version. Is there a plan to get this separated?

Just to follow up on my own post… Duo Support has kindly informed me that a feature request is in progress.

At the moment, iOS 15.7 and iPadOS 15.7 are still being supported by Apple and have the most recent security updates, which is what forms our policy decision in that regard.

That said, I do totally understand the desire to have these options broken out, especially when Apple staggers the releases in this way. There is currently a feature request to break those options out, and I would be more than happy to add your account as a vote on that request to provide that more granular control. Let me know if you would like to have me do so!

Thank you for the update, Kevin. I’d connected with Blake, who helped with this case. Glad to hear the feature request is in progress.

Is there somewhere customers can see and upvote feature requests from other customers? The iPadOS bug is a pretty universal break… 😅