Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.

New features, enhancements, and other improvements

Now in public preview: Duo Mobile with time-based one-time passcodes (TOTP)

• Duo administrators can now enable time-based one-time passcodes (TOTP) generated by the Duo Mobile app instead of HMAC-based one-time passcodes (HOTP) for Duo-protected applications.

Now in public preview: Require user verification with PIN or biometric for WebAuthn roaming authenticators

• Administrators can require user verification through a PIN or biometric method when enrolling or authenticating with a roaming authenticator through the Authentication Methods policy in the Policies section of the Duo Admin Panel.
• Please note:
• This setting will immediately require a PIN/biometric for all policy-affected roaming authenticator registrations and authentications, regardless of whether a PIN/biometric was previously set.
• Depending on the device and browser you are using, you may need to remove and re-enroll or separately configure a PIN/biometric for your security key before you can continue to use it for authentication. 
• This option blocks roaming authenticators that do not support FIDO2 user verification.
• See also: What are the effects of requiring user verification for WebAuthn roaming authenticators in the Authentication Methods policy?
• While user verification is optional for two-factor authentication (2FA), it is always required for passwordless authentication.

The authentication methods section of Policies now shows the option to require user verification with PIN or biometric.

Now in public preview: Duo Universal Prompt support for Device Management Portal

• Administrators using an on-premises Device Management Portal application can now migrate to the Universal Prompt. 
• An existing Device Management Portal application requires  Duo Web SDK 4 or the Duo OIDC Auth API. 

Now in public preview: Policy Compact View in Duo Admin Panel

• Administrators can see a new, compact view of Policies. Policies will not change between the original view and the compact view, and admins can switch between them as desired.

You can now manage policies in compact view.

An example of the compact view.

New button to copy the Duo IdP certificate for Duo Single Sign-On (SSO) named integrations

• Administrators can select Copy certificate In the Duo Admin Panel, under Downloads, to make a copy of the Duo identity provider certificate file text to use while configuring named SSO integrations.

Update to the Universal Prompt Progress report

• Bitwarden apps are now displayed as Update required in the Universal Prompt Progress report.

Update to supported browsers for platform authenticators

• Firefox version 122.0 is now the minimum supported macOS Firefox version for platform authenticators registered in Duo enrollment and the Device Management Portal.

Update to Risk-Based Remembered Devices experience

• End users will now receive a prompt asking them to acknowledge if they are on a shared device before they set up a new Risk-Based Remembered Devices session.

A prompt now asks "Is this your device?"

• End users will also have a Remember me checkbox in Universal Prompt that they can select to be remembered.

There is now a "remember me" checkbox in Universal Prompt.

New and updated applications

Four new named SAML applications with Duo SSO

• There are now named SAML applications to protect Cisco Email Security, ClickUp, Cisco Security Cloud Sign On and New Relic with Duo Single Sign-On (SSO), our cloud identity provider.
• AWS SageMaker can now be protected by Duo SSO with the existing named SAML application for AWS IAM Identity Center.
• Reminder: Duo Access Gateway reached the last date of support on October 26, 2023. The DAG end-of-life milestone scheduled for March 30, 2024 has been canceled. At this time, existing DAG applications will continue to work after March 30, 2024. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Desktop macOS public beta version 6.5.3 released

• Fixed an issue that could prevent authentications from completing in the traditional Duo Prompt.

Duo Desktop Windows public beta version 6.5.3 released

• Minor improvements and enhancements.

Duo Mobile for Android version 4.61.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.61.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

• Duo Trust Monitor: Group names that are put into bypass status are now visible in the Duo Trust Monitor Notification Email.
• Risk-Based Factor Selection: Fixed issue where end users could not resolve their step-up status upon successfully authenticating with a more secure factor.
• Universal Prompt: Fixed bug that sent SMS refresh codes even though SMS refresh is not supported by Universal Prompt.