Duo Release Notes for May 8, 2020

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes


New and updated applications

Duo Authentication for Windows Logon and RDP 4.1 released

  • Added support for User Elevation, enabling administrators to configure Duo Authentication for Windows Logon to prompt for MFA on credentialed UAC elevation attempts. You can choose to enable User Elevation by selecting the “Enable UAC Elevation Protection” box during installation. Additionally, configuration options are provided to control Offline Access for UAC Elevation.
  • The GPO template has been updated to include User Elevation configuration options.
  • Our installer for this configuration is now signed using SHA-256.
  • Additional bug fixes and security enhancements.

Applications added for the public beta of Duo Single Sign-On

New features, enhancements, and other improvements

Microsoft Intune integration added for Duo Trusted Endpoints

  • Duo Trusted Endpoints now integrates with Microsoft Intune. This integration allows Duo administrators who manage their device fleet with Intune to use Duo’s Trusted Endpoints policy to check if an iOS, Android, or Windows device is managed by Intune at the time of access and manage access accordingly.
  • This integration is available to customers on the Duo Beyond plan.

Improvements to Directory Sync

  • If the group membership of a synced user has changed, a directory sync will now apply those group membership changes even if there is an error saving that user’s attributes.
  • If the username value imported from Active Directory or OpenLDAP into Duo changes, the Duo username will now be updated accordingly. Previously, changing the username attribute value created a new user in Duo and put the previous user associated with that account name in the Trash.
  • The “Save Directory” button that appears at the top of a Directory Sync configuration page will now be disabled and labeled “No Changes” if no changes have been made on the page.
  • The “Delete Directory” button will now appear at the top of a Directory Sync configuration page, next to the “Save Directory” button.

Improved styling for errors in input fields in the Duo Admin Panel

  • Input fields in the Admin Panel now have improved styling for error states, highlighting the affected field in red along with an error icon for better usability and accessibility.

Bug fixes

  • Directory Sync:
    • Corrected an issue in which synced users were not being removed from manually created groups they had previously been placed in. Now, synced users will be removed from all groups except the groups managed by the directory sync.
    • Fixed a bug in which the directory sync process did not remove a user’s email attribute when the email field was blank in the directory.
  • Administrator Actions Log:
    • When a Duo administrator triggers a directory sync, the start and complete events for that sync are now displayed in the Administrator Actions log in the Admin Panel when filtering for that particular administrator.
  • Admin API
    • Fixed a bug in which the is_enrolled attribute would always return “false” when retrieving bypass codes via the Admin API using /admin/v1/bypass_codes.
1 Like

Please be aware that we have identified an issue affecting Duo Authentication for Windows Logon and RDP version 4.1 on Active Directory domain controllers that may trigger user lockouts.

We recommend that you do not install version 4.1 on your domain controllers and install version 4.0.7 instead. Please refer to our documentation for details.

Hello everyone, we have released Duo Authentication for Windows Logon and RDP version 4.1.1, which addresses the issue that Kelly described above. You can download the new version from the link provided in step 5 of the “First Steps” section in the documentation.