Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
What’s in this release?
New features, enhancements, and other improvements
- Now in Public Preview: Require Devices to Be Registered with the Duo Device Health App
- Improved WebAuthn Authenticator Policies
- Risk-Based Authentication Now Provides Clearer Information about Normal Trust Assessment
- New Passwordless Authentication Reporting Available in the Admin Panel
- Adding and Removing Administrator Passkeys Improved in Duo Admin Panel
New and updated applications
- Four New Named Applications with Duo SSO
- Duo Authentication for Microsoft Active Directory Federation Services (AD FS) 3+ for Windows 2012 R2 and Later Version 2.0.1 Released
- Duo Epic for Hyperdrive Version 1.0.1 Released
- Duo Mobile 4.41.0 for Android
- Duo Mobile 4.41.0 for iOS
Bug fixes
New features, enhancements, and other improvements
Now in public preview: Require devices to be registered with the Duo Device Health App to improve security
- Duo Premier and Advantage customers can protect against spoofing attacks by requiring device registration and device identifier verification with the Duo Device Health App,
- Enable this policy in the Duo Admin Panel under Policies > Device registration.
- View and manage devices registered with the Device Health App in the Admin Panel under Endpoints > Registered Devices.
Improved WebAuthn authenticator policies
- Admins can now configure platform authentication policies that don’t permit roaming authenticators, and vice versa.
- Users with trusted sessions established with a WebAuthn prior to this release will need to authenticate a new session.
- Users will need to verify their identity with an enrolled authenticator in order to enroll Touch ID.
Risk-Based Authentication now provides clearer information about normal Trust Assessment
- For Duo Advantage and Premier customers who have applied risk-based policies, the Authentication Log provides more detail in the Trust Assessment column when trust is normal.
New passwordless authentication reporting available in the Admin Panel
- Administrators can now see successful passwordless authentications listed in the Endpoints tab in the Admin Panel.
Adding and removing administrator passkeys improved in the Admin Panel
- Administrators with the Owner role can no longer delete a passkey from an administrator’s profile if it is the only second-factor authenticator enrolled by an administrator.
- When Owners add or delete administrator passkeys via the Administrator tab, the change takes effect without reloading the profile page.
New and updated applications
Four new named applications with Duo SSO
- There are now named applications to protect RingCentral, ISE Admin Logins, NetDocuments, and SolarWinds Service Desk using Duo SSO, our cloud identity provider.
- Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details.
Duo Authentication for Microsoft Active Directory Federation Services (AD FS) 3+ for Windows 2012 R2 and Later version 2.0.1 released
- Corrects an issue where some Internet Explorer (IE) 11 authentications encountered Javascript syntax errors.
- Corrects an issue in the ADFS-Diag.ps1 support script bundled with the previous release where the application’s client secret value may have been collected with other system information.
- Improved client logging.
Duo Epic for Hyperdrive version 1.0.1 released
- Corrects an issue preventing login when a user’s only Duo authentication method is a hardware token.
Duo Mobile for Android version 4.41.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements.
Duo Mobile for iOS version 4.41.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug fixes
- Remember me for 30 days option in the Duo Traditional Prompt now works for Verified Push users.