on - edited on by
DuoKristina
Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
Check out a new resource: Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
What's in this release?
- New features, enhancements, and other improvements
- Now generally available: Mute push notifications after a fraudulent push
- Update to Duo Device Health application policy menus in Duo Admin Panel
- New LDAPS end-of-life milestone reached
- Logout Redirect URL for Duo Single Sign-On (SSO) with an Active Directory authentication source
- Users in “Disabled” status lose existing browser sessions to improve security
- New authentication options for Passwordless users using Firefox on macOS
- Update to step-up authentication for Risk-Based Factor Selection (RBFS)
- New and updated applications
- Six new named SAML applications with Duo SSO and two SSO updates
- Duo Splunk Connector version 2.0.2 released
- Duo Device Health Application for Linux version 1.0.0 released
- Duo Device Health Application for macOS version 5.4.0.0 released
- Duo Device Health Application for macOS public beta version 5.3.2.0 released
- Duo Device Health Application for Windows 10 and 11 version 5.4.0 released
- Duo Device Health Application for Windows public beta version 5.3.2 released
- Duo Mobile for Android version 4.49.0 released
- Duo Mobile for iOS version 4.49.0 released
- Bug fixes
New features, enhancements, and other improvements
Now generally available: Mute push notifications after a fraudulent push
- Muted Push mutes a user’s Duo Mobile push notifications for 20 minutes after the user marks a push fraudulent to minimize push harassment by bad actors. Users can still approve pushes within the Duo Mobile app during this period.
- Administrators can enable Muted Push in Settings > Duo Mobile App.
Update to Duo Device Health application policy menus in Duo Admin Panel
- Added new policy options to the Duo Admin Panel for the newly released Duo Device Health Application for Linux.
New LDAPS end-of-life milestone reached
- As of September 7, 2023, the Duo Admin Panel no longer permits creating new applications to protect Cisco, Juniper or Pulse firewalls with a direct LDAP connection to Duo's cloud service (LDAPS) to add two-factor authentication to SSL VPN logins.
Logout Redirect URL for Duo Single Sign-On (SSO) with an Active Directory authentication source
- Duo SSO configured to use Active Directory domains or forests as a first-factor authentication source settings now includes a Logout Redirect URL. This field is optional. When this field is populated, after logging a user out of Duo Single Sign-On they will be redirected to the URL in this field. You can access this option under Single Sign-On > Configured Authentication Sources > Active Directory in the Duo Admin Panel.
Users in “Disabled” status lose existing browser sessions to improve security
- If a user’s status is set to “Disabled,” their existing browser sessions with Duo will be invalidated.
- Ways a user can enter this status include:
- A status change of the individual user or a group the user is in via the Admin Panel or Admin API
- A status change in an imported CSV of users via the Admin Panel
- A change of the user’s status via Azure AD Sync or AD Sync
New authentication options for Passwordless users using Firefox on macOS
- Users can now register roaming authenticators when using Firefox on macOS.
- Roaming authenticators are authentication methods that can be inserted into or paired with your device and then removed, like a USB security key.
Update to step-up authentication for Risk-Based Factor Selection (RBFS)
- One additional update rolled out with the D272 release:
- RBFS steps up authentication when a novel ASN (autonomous system number) is detected.
New and updated applications
Six new named SAML applications with Duo SSO and two SSO updates
- There are now named SAML applications for Barracuda Web Application Firewall, SentinelOne, KnowBe4, Fortinet FortiGate Administrators, Tenable and Huntress to protect using Duo SSO, our cloud identity provider.
- The Google Workspace Duo SSO application also now supports third-party SSO profiles.
- The Duo SSO for Citrix Workplace application now requires entry of the full Entity ID and ACS URLs.
- Reminder: Duo Access Gateway will reach end of life October 16 through 26, 2023. Please see the Guide to Duo Access Gateway end of life for more details.
Duo Splunk Connector version 2.0.2 released
- Adds new Duo log types:
- Activity Logs
- Authentication v2 Logs
- Telephony v2 Logs
- Trust Monitor Logs
- Adds ability to enable/disable individual log types to ingest.
- Adds support for multiple input instances.
- Increases security of credentials.
- Migrates storage of log timestamps from file on disk to a Splunk KV store.
- Separates Duo-specific Splunk logs into a SPLUNK_HOME/var/log/splunk/duo_splunkapp folder.
- Normalizes Splunk fields - ctime, timestamp, eventtype, and host.
- Decreases the initial lookback period for new logs from 30 days to 7 days.
- Downloadable only from Splunkbase as of this release.
Duo Device Health Application for Linux version 1.0.0 released
- General availability release.
Duo Device Health Application for macOS version 5.4.0.0 released
- Minor improvements and enhancements.
Duo Device Health Application for macOS public beta version 5.3.2.0 released
- Minor improvements and enhancements.
Duo Device Health Application for Windows 10 and 11 version 5.4.0 released
- Minor improvements and enhancements.
Duo Device Health Application for Windows public beta version 5.3.2 released
- Minor improvements and enhancements.
Duo Mobile for Android version 4.49.0 released
- Custom branding accent and background color fully enabled. Custom branding accent and background color settings will automatically apply to Duo Mobile.
Duo Mobile for iOS version 4.49.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug fixes
- Fixed a Duo Passwordless bug that incorrectly gave Linux users an option to register platform authenticators for passwordless authentication.