Duo Release Notes for November 27, 2020

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes

New and updated applications

Duo Authentication Proxy version 5.1.1 released

  • Fixed a bug causing MPPE key decryption to fail when MPPE was used with an EAP-message attribute.
  • Addresses an issue in prior v5.x.x releases where the running proxy stops responding to incoming RADIUS requests.
  • Added the Microsoft Visual C++ 2015-2019 Redistributable to the Windows Authentication proxy installer to ensure all required DLLs are present on the target system.

New features, enhancements, and other improvements

Instructions added to Duo Admin Panel for migrating Duo Access Gateway applications to Duo-hosted Single Sign-On

  • Eligible applications that can be protected with Duo Access Gateway will now feature a UI message in the Duo Admin Panel on the application details page listing instructions for migrating to a Duo-hosted Single Sign-On version of the application. Note this message will appear only if Duo Single Sign-On has already been enabled on the account. Administrators using Duo Access Gateway will see a different message at the top of their eligible DAG application pages, letting them know about the option to use Duo Single Sign-On.
  • Note that creating a Duo Single Sign-On version of a DAG application does not remove the existing version of the application.

macOS 11 (Big Sur) support added for operating systems policy

  • The operating systems policy, available in Duo Access and Duo Beyond, now supports devices running macOS 11 (Big Sur).
  • Note that by default, Duo enforces OS policy settings based on the OS version information provided by the user agent string in the user’s browser. However, Safari on macOS 11 is still reporting its OS as 10.15.6. Duo will consider the most up-to-date macOS version as both 10.15.7 and 11.0.0.
  • To enforce a policy of macOS 11.0.0 as the most up-to-date OS, you can provision the Duo Device Health application, available on Duo Access and Duo Beyond. On devices running the Device Health app, OS policy is enforced based on the OS version reported directly by the device rather than the browser’s user agent string.

Google Verified Access integration for Duo Trusted Endpoints now in public preview phase

  • Google Verified Access, now in public preview phase as an integration for Duo Trusted Endpoints, allows you to ensure that only G Suite-managed Chromebooks are used to access Duo-protected applications.
  • Trusted Endpoints is available on Duo Beyond.

Secret keys used with Active Directory and OpenLDAP directory syncs can now be reset

  • You can now reset a secret key for an Active Directory or OpenLDAP directory sync. Previously, the only way to rotate a secret key for these types of directory syncs was to delete the directory sync configuration and create a new one.

Authentication Log now displays the country name associated with an authentication attempt

  • The location of the access device and the second factor method listed in the Authentication Log in the Duo Admin Panel now includes the country name, in addition to the city and state / region.

Bug fixes

  • All Duo administrator roles with permissions to view data tables in the Admin Panel (lists of users, phones, hardware tokens, and endpoints) now can also download them via an Export button. The administrator roles with access to both view and export this data are: Application Manager, Help Desk, and Read Only.