Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out to commercial deployments. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
Cisco Duo
New Features
Now Generally Available: Two new Admin API Endpoints to Restore Multiple Users from Trash and Send Multiple Users to Trash
- The Restore Multiple Users from Trash endpoint restores users from trash. Requires "Grant resource - Write" API permission.
- The Send Multiple Users to Trash endpoint sends users to trash. Requires "Grant resource - Write" API permission.
Now in Public Preview: Passport support for Passwordless for Operating System (OS) Logon
- If a user authenticates using Passwordless for OS Logon with Passport, applications protected by Duo Passwordless will not prompt the user to authenticate again for the duration of the remembered device session for browser-based applications.
Enhancements
- The MFA and Passwordless authentication prompts no longer pause processing when loaded in background browser tabs. For example, users can answer a push and the login will complete with the browser tab not in the foreground.
- The Directory Sync link on the Users page in the Duo Admin Panel has been renamed to External Directories.
- The Full Name and Email fields on the user details page and in the synced attribute configuration for external directory sync in the Duo Admin Panel have been renamed to Display Name and Email Address.
- Duo Passport with Windows Logon preview release 4.3.16, and future releases, will no longer require enabling a “Remember devices for Windows Logon” policy. A Passport session will be created during the Windows login process that will let users skip additional Duo two-factor authentication for browser and desktop applications and skip Duo SSO authentication.
- Duo Passport will no longer require users to complete passwordless authentication when first accessing an application with Duo Passwordless.
New and Updated Applications
Ten new named applications with Duo Single Sign-On (SSO)
- Upgraded Splunk SDK version.
- No change in functionality of Duo Splunk Connector.
- This Duo Splunk Connector will reach end of life on May 1, 2025. Please update to the Cisco Security Cloud application on Splunkbase before this date.
- The user experience for managing the app's communication certificate has been updated. On a fresh install, users will be presented with a new interface to generate a certificate after the installer exits. In addition, when the certificate is close to expiration, a message will be shown in the app to indicate renewal is required. Please note that admins who have disabled certificate management will be exempt from these changes. See Duo KB article 8985 for more information.
- Minor improvements and enhancements.
- Minor improvements and enhancements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug Fixes
- Resolved an issue in Duo Mobile on iOS devices that caused an additional Verified Push step during authentication after updates. Now, security recommendations are displayed post-authentication without disrupting the Trusted Endpoints authentication process.
- Updated and set Cisco ISE Cert expiration date to 19/01/2038 from previous default set value of 01/01/10000.
- The “All other countries” section of the User Location policy in the Duo Admin Panel now properly updates when switching between policies when passwordless was enabled.
- The unenrolled user lockout feature in the Duo Admin Panel now respects group statuses when determining if bypass users should be ignored from being considered unenrolled.
