Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
New features, enhancements, and other improvements
- The new Duo Mobile Version Policy Control is now in Public Preview. Administrators can now ensure a better user experience and enhanced security by enforcing minimum version requirements for Duo Mobile. Users who haven't upgraded their application can be warned or blocked accordingly.
- The Admin API previously had a single permission to control both the write and read access to administrator info from the Admin API. Now, there is a separate permission to allow administrators to configure an Admin API integration with read-only access to administrators. The Grant resource read-only and write-only access permissions now use the same format as the Grant administrators permissions.
- Duo Federal editions excluded.
- Added new activity logs in the Admin API to support user actions and Entra ID (Azure) directory and sync actions.
- Duo performs a device check for multiple Intune IDs. Supports enrollments and autopilot IDs in addition to standard Intune ID.
- Added the "Add a Firewall Rule" section to all Meraki Systems Manager and Ivanti Endpoint Manager Mobile integrations with the static IP range, so now based on how the environment is setup, you may need to add a firewall rule to reach our cloud-based public key infrastructure (PKI).
- We've updated the text sent in enrollment emails.
Updated option to submit feedback in Need Help
- The option to submit feedback in the "Need Help" section of the Universal Prompt will no longer be displayed.
WebAuthn credentials date display
- Updated all presentation of registration and last used dates in the Admin Panel to use the customer's preferred time zone (as selected in the Settings menu).
New and updated applications
Five new named applications with Duo Single Sign-On (SSO)
-
The installer now encrypts the Duo secret key (SKEY) information in the registry. Prior versions left the secret key information viewable in plain text. Resolves Cisco Security Advisory CVE-2024-20503.
- We recommend all customers upgrade Duo Epic Hyperdrive clients to this version. Be aware that GPOs with Duo for Epic configuration information will contain the unencrypted SKEY and push that unencrypted info to targeted clients on GPO refresh. Avoid configuring Duo for Epic Hyperdrive via GPO if you wish to maintain the SKEY as secured information.
- Added translations to Duo Desktop authentication.
- Added support for Microsoft Defender for Endpoint.
- Fixed firewall detection on macOS Sequoia 15 Beta.
- Added translations to Duo Desktop authentication.
- Added additional logging if the app crashes.
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug Fixes
- Admin Page — Fixed a bug where the Passwordless page was loading with an error and not rendering chart data.
- Universal Prompt — Fixed a bug where bypass code was displayed twice as an option when a user was asked to verify their identity before managing devices.
- Admin API v2 — Fixed a bug where Offline Duo Mobile Passcode was showing as unknown for second factor.