Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

• Duo Authentication for Windows Logon and RDP 4.1
• New Named Applications for Public Beta of Duo Single Sign-On

New features, enhancements, and other improvements

• Microsoft Intune Integration for Duo Trusted Endpoints
• Directory Sync Improvements
• Improved Styling for Errors in Admin Panel Fields

Bug fixes

See all bug fixes

New and updated applications

Duo Authentication for Windows Logon and RDP 4.1 released

• Added support for User Elevation, enabling administrators to configure Duo Authentication for Windows Logon to prompt for MFA on credentialed UAC elevation attempts. You can choose to enable User Elevation by selecting the “Enable UAC Elevation Protection” box during installation. Additionally, configuration options are provided to control Offline Access for UAC Elevation.
• The GPO template has been updated to include User Elevation configuration options.
• Our installer for this configuration is now signed using SHA-256.
• Additional bug fixes and security enhancements.

Applications added for the public beta of Duo Single Sign-On

• Slack and Cisco Webex (with Control Hub) have been added as named applications for the public beta of Duo Single Sign-On.

New features, enhancements, and other improvements

Microsoft Intune integration added for Duo Trusted Endpoints

• Duo Trusted Endpoints now integrates with Microsoft Intune. This integration allows Duo administrators who manage their device fleet with Intune to use Duo’s Trusted Endpoints policy to check if an iOS, Android, or Windows device is managed by Intune at the time of access and manage access accordingly.
• This integration is available to customers on the Duo Beyond plan.

Improvements to Directory Sync

• If the group membership of a synced user has changed, a directory sync will now apply those group membership changes even if there is an error saving that user’s attributes.
• If the username value imported from Active Directory or OpenLDAP into Duo changes, the Duo username will now be updated accordingly. Previously, changing the username attribute value created a new user in Duo and put the previous user associated with that account name in the Trash.
• The “Save Directory” button that appears at the top of a Directory Sync configuration page will now be disabled and labeled “No Changes” if no changes have been made on the page.
• The “Delete Directory” button will now appear at the top of a Directory Sync configuration page, next to the “Save Directory” button.

Improved styling for errors in input fields in the Duo Admin Panel

• Input fields in the Admin Panel now have improved styling for error states, highlighting the affected field in red along with an error icon for better usability and accessibility.

Bug fixes

• Directory Sync:
  • Corrected an issue in which synced users were not being removed from manually created groups they had previously been placed in. Now, synced users will be removed from all groups except the groups managed by the directory sync.
    • See DUO-PSA-2020-002
  • Fixed a bug in which the directory sync process did not remove a user’s email attribute when the email field was blank in the directory.
• Administrator Actions Log:
  • When a Duo administrator triggers a directory sync, the start and complete events for that sync are now displayed in the Administrator Actions log in the Admin Panel when filtering for that particular administrator.
• Admin API
  • Fixed a bug in which the is_enrolled attribute would always return “false” when retrieving bypass codes via the Admin API using /admin/v1/bypass_codes.