Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1183
Views
0
Helpful
8
Comments

D309 Duo Release Notes for February 28, 2025

Rick Wong
Cisco Employee
Cisco Employee

on ‎02-28-2025 08:00 AM

Hello everyone! Here are the release notes for our most recent updates to Duo. 

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out to commercial deployments. You can subscribe to notifications for new release notes by following the process described here. Check the Duo cloud service release version for your Duo account from the Duo Admin Panel.

If you have any questions about these changes, please comment below. 

Review the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.  

 

Cisco Duo

LDAPS End-of-Life Milestone Reached

The Duo LDAP cloud service used to provide two-factor authentication via direct LDAPS connection for Cisco ASAJuniper Networks Secure Access, or Pulse Secure Connect Secure SSL VPN logins reached end of life on February 20, 2025. See more details about this end-of-life plan in the Duo Knowledge Base.

New Features 

Now Generally Available: Duo Passport Multi-User Support 

  • This enhancement allows multiple Passport users on shared devices. Passport securely verifies that the device’s logged-in user matches the browser user with an active Passport session. If no match is found, the logged-in user will be prompted to authenticate again. 

Now Generally Available: Verified Duo Push for Windows logons  

  • General availability of Verified Duo Push support for Windows logons when the authentication methods policy requires Verified Duo Push with a verification code. 
    winlogon-verified-push-prompt_2x

Now Generally Available: Passwordless OS Logon and support for enabling OS Passwordless for groups 

  • Users may log in securely to Windows via Bluetooth connection to a mobile device with Duo Mobile platform biometric or PIN verification instead of entering a password. 
  • It is now also possible to restrict which user groups may use Passwordless OS Logon from the Duo Admin Panel.
    rdp-passwordless-settings_2x

“Permitted Groups” is now “User access” 

  • We're changing how you configure allowed group access to Duo applications. The "Permitted Groups" application setting has been renamed to "User access" and relocated to the top of the application details page in the Duo Admin Panel. The options for that setting have changed as well, letting you manage application access by enabling it for all users, specific groups, or disabling it entirely. 

    user-access-default-setting_2x



  • In a future Duo release the user access default setting for newly-created applications will default to "Disable for all users", adhering to least privilege access practices. When this happens the user access permissions for your existing applications will remain unchanged. I

Duo Wear App for Android Watches 

  • We’ve released a companion app to Duo Mobile for Wear OS devices. This app lets you generate passcodes, view push metadata, and approve Duo Pushes and Verified Duo Pushes.

Enhancements 

  • Passwordless: When a customer that has already activated passwordless creates a new policy, all passwordless authentication methods will now default to being off.

New and Updated Applications  

Six new named applications with Duo Single Sign-On (SSO) 

Five existing SSO applications with enhanced attribute support so that name ID attribute shows as custom attribute

Duo Authentication for Windows Logon v5.0.0 released 

  • General availability of Passwordless OS Logon. Users may log in securely to Windows via Bluetooth connection to a mobile device with Duo Mobile platform biometric or PIN verification instead of entering a password. 
  • It is now possible to restrict which user groups may use Passwordless OS Logon from the Duo Admin Panel. 
  • Cancelling a Passwordless OS Logon push now immediately cancels the push in progress rather than simply dismissing the Passwordless push dialog but waiting for the push to time out. 
  • General availability of Verified Duo Push support for Windows logons when the authentication methods policy requires Verified Duo Push with a verification code. 
  • Improved handling of updates to offline policies. 
  • Improvements to the Windows password reset experience. 
  • Adds support for Windows Server 2025 and removes installer support for Windows 2012 R2 and earlier. 

Duo Desktop public beta 7.4.2 for Windows released 

  • Improved logging in the event of a failed connection from Cisco Secure Client. 
  • Internal changes to support using CrowdStrike agent identifiers for trusted endpoints. 

Duo Desktop public beta 7.4.2.0 for macOS released 

  • Removed support for macOS 10.15. 

Duo Mobile for Android version 4.83.0 released   

  • Miscellaneous bug fixes and behind-the-scenes improvements.
  • Duo Wear support.

Duo Mobile for iOS version 4.83.0 released 

  • Miscellaneous bug fixes and behind-the-scenes improvements.

Identity Security 

New Features 

New Check: User Trust Level Alert 

  • Identity Intelligence’s User Trust Level helps quickly identify the riskiest users in your organization based on a combination of different user data. With this new check, User Trust Level Alert, the users who have received a level of Untrusted will fail and you can configure a notification target on the check to proactively receive notifications about these users. 
  • The check’s settings can also be modified to include users who receive a trust level of Questionable.

Enhancements 

  • Identity Intelligence can now see information about non-interactive Entra ID sign ins. Previously the last successful sign in date displayed on the user’s Entra ID source card in the User 360 only displayed successful, interactive sign ins. Now, this date could also represent a successful, non-interactive sign in. Non-interactive sign ins will also be considered when determining a user’s activity status (Active vs Inactive), as well as when evaluating sign in activity for checks like Never Logged In and Inactive Users.  
0 Helpful
Comments
medina-monkey51120
Level 1
Level 1
‎03-06-2025 09:00 PM

Os password less is not working i dont have the enrollment prompt for it during windows sign on.

nlev
Level 1
Level 1
‎03-07-2025 05:45 AM

The Verified Duo Push for Windows logons code is too small leading to confusion for end users. Anyone who agrees, please log in to the DUO support portal and create a feature request case. If there are enough requests, perhaps this will get improved soon. Thanks!

DuoKristina
Cisco Employee
Cisco Employee
‎03-07-2025 06:37 AM

@medina-monkey51120 SOrry you're having issues. Please go through these articles in the Duo Knowledge Base to help troubleshoot:
https://help.duo.com/s/article/9088
https://help.duo.com/s/article/9209

If you still have issues you may want to contact Duo Support if you are eligible.

 

simon-grossheim
Level 1
Level 1
‎03-12-2025 07:30 AM

I have the following problem when updating the DUO Agent for windows Logon (v5.0.0):
When executing the new .exe file, the VM restarts immediately (without warning). When I restarted the .exe, I received the following error message:
Error Starting Setup: Error 0 occurred when creating secure temporary directory.
This article https://help.duo.com/s/article/8827?language=en_US pointed out that you have to delete a temporary folder beforehand. This then also worked. Is this a known problem and will there be a fix for it? Or do I simply have to delete the temporary folder every time?

DVUSDMarkS
Level 1
Level 1
‎03-12-2025 08:04 AM
Having this same issue. Need a fix. We want to upgrade Duo on our servers, but we can never know if the installer will restart the server or not.

nlev
Level 1
Level 1
‎03-12-2025 08:38 AM

Have you tried the MSI installer as a workaround instead of EXE? We successfully updated all our servers to Duo for Windows 5.0.0 using the MSI with /quiet /qn /norestart parameters and didn't experience any unexpected reboots.

DuoKristina
Cisco Employee
Cisco Employee
‎03-12-2025 08:54 AM

We do understand an unexpected reboot may be disruptive. It is hard to predict whether a given system will require a reboot or not, as it depends on the state of Windows and other installations/applications on the same system or files in use at the time of install.

If interruptions are a concern it is a good ideal to plan updates during a maintenance window where servers can be rebooted if needed.

simon-grossheim
Level 1
Level 1
‎03-12-2025 11:14 AM

I have made the updates using GPO and msi package. It works without any problems. I have to restart the VMs to take effect, but that's not a big deal. However, it would be nice if it also works with the exe without problems.

Thanks @nlev for the hint.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Discussion Forums   Subscribe to Duo Release Notes      
 
 
Customers Also Viewed These Support Documents