Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out to commercial deployments. Check the Duo cloud service release version for your Duo account from the Duo Admin Panel. If you have any questions about these changes, please comment below.
You can subscribe to notifications for new release notes by following the process described here.
Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
Cisco Duo
New Features
Now Generally Available: Routing Rule Calculator
The Duo Single Sign-On Routing Rules page now has an option called Routing Rule Calculator to allow you to simulate which routing rule would get picked based on a submitted email address, application, and IP address.
Enhancements
- Admin API endpoint for sending enrollment links (/admin/v1/users/enroll) now uses the customer’s enrollment link setting (under “Enrollment emails” on the Settings page) as its default expiration if none is specified. The previous default value was set to 30 days.
- Directory Synchronization now allows modifying the sync config while a sync is running. Deleting the sync is still not allowed.
- A new optional parameter, display_username, was added to the OIDC Auth API to allow specification of the username that will show up in the Duo Push.
New and Updated Applications
Nine new named applications with Duo Single Sign-On (SSO)
- Upgrade to MyWorkDrive 7 for Universal Prompt support.
- MyWorkDrive integrations will no longer show as "Waiting on App Provider" in the Universal Prompt Progress Report and instead will show "Update Required."
- Adds the new Duo Secret Key Rotation tool in the AD FS installation directory to assist administrators with updating the application's Client_Secret to a new value when required.
- The Client_Secret is encrypted in the Windows registry. Previously, the Client_Secret was saved as clear text in the registry.
- Product installer updated to use WiX Toolset tooling. Previous releases used Advanced Installer.
- Adds support for Windows Server 2025.
- The Duo AD FS 2.3.0 installer restarts the AD FS service prior to exiting. The restart is required if upgrading from a previous version of the Duo AD FS MFA adapter. If any errors are displayed during installation, you may need to manually restart the AD FS service after install completion.
- Minor improvements and enhancements.
- Minor improvements and enhancements.
- Minor improvements and enhancements.
- Reduced the interval for checking for automatic updates to the app.
- Minor improvements and enhancements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug Fixes
- Fixed a bug where Passport sessions established by a successful authentication from Duo Authentication for Windows Logon & RDP would be affected by a blocking policy for unknown browsers, which resulted in users having to perform MFA again instead of leveraging their Passport session.
- Fixed a bug where admins could not re-activate Duo Mobile when Duo Mobile Passcodes were enabled as an admin login factor but Duo Push was not.
New Features
- New Check: Authenticator Registration Anomalies - During account compromise attacks, it is common for the malicious actor to enroll an authentication device in their possession on the compromised end user's account. This allows them to successfully pass potential MFA controls on their future sign-in attempts and to maintain control over the account. The “Authenticator Registration Anomalies” check aims to identify authenticator enrollments that may indicate malicious intent.
- New Report: Microsoft License Utilization by User - Users are often automatically granted certain Microsoft licenses when their account is created; however, if a user becomes inactive for an extended period of time, or switches roles in the organization, they typically retain the license(s) even when no longer needed. This report provides a summary of Microsoft license assignment for every enabled Entra user, as well as the user type (internal, external, service account, etc.), the user's activity status, and more, to help easily identify accounts that should be prioritized for license cleanup or account deletion to regain Microsoft licenses.
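To make the idea behind the Authenticator Registration Anomalies check concrete, here is an added example (not Duo or Identity Intelligence code, and not a description of how the product's check works) that applies two assumed heuristics to constructed events: an enrollment shortly after a sign-in from a country new to that user, and one device enrolled on more than one account. The field names, the one-hour window, and the sample data are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed threshold; tune to your environment

# Constructed events. Field names are hypothetical, not a vendor log schema.
EVENTS = [
    {"ts": "2025-03-01T09:00:00", "user": "alice", "type": "signin", "country": "US"},
    {"ts": "2025-03-02T09:05:00", "user": "alice", "type": "enroll", "country": "US", "device": "dev-A"},
    {"ts": "2025-03-03T08:00:00", "user": "bob", "type": "signin", "country": "US"},
    {"ts": "2025-03-04T02:10:00", "user": "bob", "type": "signin", "country": "BR"},
    {"ts": "2025-03-04T02:25:00", "user": "bob", "type": "enroll", "country": "BR", "device": "dev-X"},
    {"ts": "2025-03-05T11:00:00", "user": "carol", "type": "signin", "country": "US"},
    {"ts": "2025-03-05T11:30:00", "user": "carol", "type": "enroll", "country": "US", "device": "dev-X"},
]

def flag_enrollments(events, window=WINDOW):
    """Return (user, device, reasons) for each enrollment matching a heuristic."""
    seen_countries = defaultdict(set)  # user -> countries of earlier sign-ins
    new_location_at = {}               # user -> time of latest sign-in from an unseen country
    device_owner = {}                  # device -> first user that enrolled it
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["type"] == "signin":
            # A user's very first sign-in has no baseline, so it is not treated as new.
            if seen_countries[user] and ev["country"] not in seen_countries[user]:
                new_location_at[user] = ts
            seen_countries[user].add(ev["country"])
            continue
        reasons = []
        recent = new_location_at.get(user)
        if recent is not None and ts - recent <= window:
            reasons.append("enrolled soon after sign-in from new country")
        owner = device_owner.setdefault(ev["device"], user)
        if owner != user:
            reasons.append(f"device already enrolled by {owner}")
        if reasons:
            findings.append((user, ev["device"], reasons))
    return findings

if __name__ == "__main__":
    for user, device, reasons in flag_enrollments(EVENTS):
        print(user, device, "; ".join(reasons))
```

Findings like these are leads for review rather than verdicts: a traveling user or a shared kiosk device can match either heuristic.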
Enhancements
- Improved the Sensitive Applications settings to make it easier to identify which applications were added to the list by default based on Identity Intelligence’s recommendations, and which applications have been added by a tenant admin.