Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
What’s in this release?
New features, enhancements, and other improvements
- Improvements to the Duo Risk-Based Authentication User Interface in the Duo Admin Panel
- Update to Duo Risk-Based Remembered Devices Trust Assessment
- Duo Admin Panel Now Lets Administrators Configure Trash Duration
- Updated Duo Admin Panel Section Lockout and Fraud
- Creating Bypass Codes with the Duo Admin API Now Allows Preservation of a User’s Existing Codes
New and updated applications
- Duo Single Sign-On for BambooHR, FreshDesk, Meraki Secure Client, and Splunk
- Duo Device Health Application Public Beta Version 4.0.1
- Duo Mobile 4.33.0 for Android
- Duo Mobile 4.33.0 for iOS
Bug fixes
New features, enhancements, and other improvements
Improvements to the Duo Risk-Based Authentication user interface in the Duo Admin Panel
- Removed Early Access badge elements.
- The Duo Risk-Based Factor Selection banner at the top of the Policies page now explains the benefit of a risk-based factor selection policy and presents a button to quickly create one.
Update to Duo Risk-Based Remembered Devices trust assessment
- Low trust assessment reasons now include invalid session.
Duo Admin Panel now lets administrators configure Trash duration
- Trash duration, or the number of days before Duo permanently deletes a user account in Pending Deletion status, is now configurable between 1 and 30 days, with a default of 7 days.
- User accounts deleted manually from the Admin Panel, purged for inactivity, or deleted by directory sync first get sent to the Trash (also known as Pending Deletion status).
- Administrators may restore user accounts in Pending Deletion status until the end of the Trash duration period. At that time, Duo permanently deletes the user account.
Updated Duo Admin Panel section Lockout and Fraud
- Updated the label Fraud notification email to Notification email.
- Added context information about what to expect from each Notification email setting.
Creating bypass codes with the Duo Admin API now allows preservation of a user’s existing codes
- To preserve existing bypass codes instead of clearing them, the request must specify preserve_existing=true.
New and updated applications
Duo Single Sign-On for BambooHR, FreshDesk, Meraki Secure Client, and Splunk
- There are now named applications to protect the following applications using Duo Single Sign-On, our cloud-hosted SAML identity provider:
- Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details. If you already use Duo Access Gateway to protect Datadog, try the DAG to Duo SSO application migration process.
Duo Device Health application public beta version 4.0.1 released
macOS beta version 4.0.10
- Removed support for macOS versions below 10.15.
- Added support for Palo Alto Cortex XDR detection.
- Fixed an issue that could cause a lag in displaying the most current auto updates enabled/disabled checkbox state.
- Removed dependency on Rosetta.
- Minor improvements and enhancements.
Windows beta version 4.0.1
- Added support for Palo Alto Cortex XDR detection.
- Upgraded .NET Framework to version 4.7.2.
- Minor improvements and enhancements.
Duo Mobile for Android version 4.33.0 released
- Added language support for Catalan.
Duo Mobile for iOS version 4.33.0 released
- iOS actionable notifications and Apple Watch now accept Duo Verified Push codes.
- Duo Mobile verification of device trust now shows a warning message when authenticating with an iOS version targeted by the Operating Systems policy Encourage users to update.
- Added language support for Catalan.
Bug fixes
- Fixed a Duo Passwordless bug that blocked single-gesture passwordless authentication attempts by end users using Duo Mobile Inline Auth as a second factor when Mobile Trusted Endpoints Policy is set to Require mobile endpoints to be trusted. Under these conditions, the end user now receives an MFA push after password entry, instead of a passwordless authentication, so that second-factor authentication can be completed. See also the Duo Knowledge Base article: Guide to updated authentication flow for mobile devices managed via Duo Trusted Endpoints.
- Duo Authentication Log updated to report correct iOS version information collected from Chrome by the Duo Prompt.