cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
989
Views
0
Helpful
5
Comments
DuoKristina
Cisco Employee
Cisco Employee

Hello everyone! Here are the release notes for our most recent updates to Duo. 

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out to commercial deployments. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below. 

Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.  

Cisco Duo

New Features

Now in Public Preview: Passwordless for Operating System (OS) Logon for Windows  

Passwordless OS Logon is now available for customers to try as a public preview feature! Requires installation of Windows Logon 4.3.16 Public Preview release on test clients. 

  • The Microsoft RDP application in the Admin Panel now includes a setting to enable Passwordless OS Logon. 
    DuoKristina_0-1732199077258.png

Now Generally Available: Block Registered Devices 

  • New endpoints added to the AdminAPI to block a device from registration. Requires "Grant write resource" API permission. 
  • The Registered Devices page in the Duo Admin Panel is now renamed Device Registration. On the Device Registration page, you can view tables with your "Registered devices" and "Blocked devices". From here you can choose to remove or block registered devices. 

Now Generally Available: Google Workspace for iOS Integration 

  • Admins can now use the Trusted Endpoint Google Workspace Integration with iOS and Android. 

Now Generally Available: Trusted Network Exception 

  • Admins can now bypass the Trusted Endpoint policy if they configure the Trusted Network Exception and devices are using the IP address. 
    DuoKristina_1-1732199143903.png

Now Generally Available: User Directory Sync “high frequency sync” opt-in 

Now Generally Available: Duo for NetScaler Web - OAuth with Duo Universal Prompt 

  • Supports direct Duo OAuth authentication with Universal Prompt from NetScaler 14.1-29.63 and newer with Advanced or Premium licensing.

  • Solution does not require on-premises Duo Authentication Proxy or Citrix Federated Authentication Services (FAS) deployment.
  • The iframe-based traditional Duo Prompt in NetScaler RADIUS configurations will reach end of support on December 31, 2024. We encourage customers still using iframe configurations to migrate to OAuth for NetScaler or Duo SSO for NetScaler.

Enhancements

  • Navigation to external directory sync in the Duo Admin Panel has changed from Users → Directory Sync to Users → External Directories.

New and Updated Applications

New Duo Single Sign-On (SSO) Application 

There is now a named SAML application to protect Freedcamp using Duo Single Sign-On. 

Updates to Existing SSO Applications 

  • Implemented Smartsheet domain-level support and made appropriate changes to existing plan-level. 
    • Added two sets of mapped attributes for domain-level and plan-level. 
    • Added two documentation references for domain-level and plan-level. 
    • Added two SSO login methods for domain-level and plan-level. 
  • Fortinet FortiGate now uses the UI instead of the CLI Console. The VPN, Firewall, and User Group sections were also removed. 

Duo Authentication for Duo Network Gateway 3.2.1 released 

Customers who use Let's Encrypt certificates should not update to the 3.2.1 release due to a known issue. This will be fixed in a future release.

  • Logging enhancements. 
  • Fixes to allow security headers in DNG auth path and to allow wildcard hostnames in scripted configuration files. 
  • Updated Dependencies:Attributes to 24.2.0, Cryptography to 42.0.7, Incremental to 24.7.2, Pyjwt to 2.9.0, and pyOpenSSL to 24.1.0.

Duo Authentication for Windows Logon 4.3.16 Public Preview released 

  • Public preview of Passwordless OS Logon. Instead of entering their Windows password, users log in securely via Bluetooth connection to a mobile device with Duo Mobile platform biometric or PIN verification. 
  • Adds certificate pinning to enhance security of the connection between the Duo for Windows Logon client and Duo's cloud service. 
  • Now sends the Passport signature for every local authentication regardless of whether local remembered devices is enabled or checked. This removes the "Remember devices for Windows Logon" policy requirement for Duo Passport starting with the D304 cloud release.

Duo Desktop 7.0.1.0 for macOS released 

  • Expanded language support in the app to include Indonesian, Portuguese, Chinese, Italian, Polish, Korean, Thai, Hindi, Turkish, and Vietnamese. 
  • Fixed an issue where Microsoft Defender for Endpoint would be detected despite missing a valid license key. 
  • Added detection for Qualys, Sophos Home, and Forcepoint ONE. 
  • The app can now properly detect whether it is running in a virtual machine on Macs with Apple silicon. 

Duo Desktop 7.0.1 for Windows released 

  • Expanded language support in the app to include Indonesian, Portuguese, Chinese, Italian, Polish, Korean, Thai, Hindi, Turkish, and Vietnamese. 
  • Added detection for Qualys, Sophos Home, and Forcepoint ONE. 
  • Fixed an issue where Windows Defender's version was not being reported. 

Duo Desktop public beta 7.1.1.0 for macOS released 

  • Minor improvements and enhancements. 

Duo Desktop public beta 7.1.1 for Windows released 

  • Minor improvements and enhancements. 

Duo Mobile for Android version 4.77.0 released   

  • Miscellaneous bug fixes and behind-the-scenes improvements. 

Duo Mobile for iOS version 4.77.0 released 

  • Miscellaneous bug fixes and behind-the-scenes improvements. 

Bug Fixes  

  • Directory sync behavior on syncing notes that exceed the length limit of 512 characters has been changed to truncate the notes text instead of raising an error and failing to sync the user.  
  • Fixed a bug with the Administrator Logins widget on the dashboard where the list was no longer scrollable. 
  • The Allow List functionality on the “Access from Denied Countries” check is now working properly. 
  • Fixed a bug where users were being checked for inactivity much more frequently than intended. 
  • Fixed a bug in passwordless trusted endpoints where a mobile device was identified in the authentication log as “Not a Trusted Endpoint - determined by Duo Desktop”. 

Identity Security

New Features

Now in Public Preview: User Trust Levels 

  • You can now see User Trust Level information throughout the Identity Intelligence platform through new dashboard widgets, new filters/columns on the Users page, in the Overview tab of the User 360, and more!  
  • User Trust Level identifies accounts that pose increased risk to your environment because of the events/activity happening on the account so that you can prioritize the investigation, and remediation if needed, of these users and better protect your organization. 

New Microsoft Conditional Access Policy Report 

  • Navigate to the Reports page to download the csv report which contains information about your organization’s Conditional Access Policy usage over the last 30 days (if Entra ID is configured as an integration in Identity Intelligence) to identify policy misconfigurations or unexpected policy implementations that should be addressed. 
  • The report contains policy names, observed results to determine which policies were actually used, how many Conditional Access results were successful vs failed, how many times a policy did not apply to an event, how many events were successful, failed, blocked, etc, how many users made up those events, and the created and/or modified dates of a policy and its current status (enabled, disabled, etc). 

Enhancements

Duo Bypass Code Visibility

  • Duo bypass code usage counts and expiration dates have been added to the Factors table in the Overview tab of the User360 to help identify long standing bypass codes that should be revoked. 
  • This information can also be added to the table as additional columns by clicking the Columns button above the table headers and selecting “Uses Remaining” and/or “Expiration Date”.
    DuoKristina_3-1732199295835.png
     
     

Duo Enrollment Status in User 360

Duo enrollment status has been added to Duo source cards on Overview tab of User 360 to give more context about a user’s state in Duo. 

Check compatibility Extended to Duo 

  • Login to Admin Console - Detects when a user has logged into the Duo Admin console over the last 7 days to monitor or investigate suspicious or unexpected behavior. 
  • Admin role Assigned to User - Detects when a new Duo Admin has been created.  

ASN Tags Visibility

ASN Tags are now visible in the Tags column of both the User 360 Activity and Networks tab when the data is available. 

Allow/Block Lists Enhancements

New items added to the Allow/Block lists under Check Settings are now reflected with an icon, making it easier to distinguish which items were added to the list by an Admin, or were part of the default list of items created by Identity Intelligence. 

  • If the default was a block list and an Admin switches to an allow list, the icon is added next to the list type title. 
    DuoKristina_0-1732210210702.png
Comments
Gigawatt
Level 1
Level 1

This feature is amazing! When we first started using Duo they put in an exception/use case for us for directory sync to sync every hour but now, this is even better, every 30 mins! 

https://community.cisco.com/t5/duo-release-notes/d303-duo-release-notes-for-november-22-2024/ta-p/5227260#toc-hId--1887508367

 

DuoKristina
Cisco Employee
Cisco Employee

Glad it helps! Note though that it's not exactly "every 30 min"; it's "start a new one 30 min after the last one ended", so timing depends on how long full syncs take for your org.

DuoKristina
Cisco Employee
Cisco Employee

Updated post to include GA of the OAuth MFA solution for NetScaler.

DuoKristina
Cisco Employee
Cisco Employee

Updated post to include additional release note info for Duo Authentication for Windows Logon 4.3.16.

DuoKristina
Cisco Employee
Cisco Employee

Updated post with amended DNG 3.2.1 release notes information and a warning for Let's Encrypt users not to update to 3.2.1 due to a known issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links