Showing results for 
Search instead for 
Did you mean: 
Cisco Employee
Cisco Employee

Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Duo Trusted Endpoints now available to Duo Essentials, Advantage and Premier editions

Available in public preview: Device activity notifications

  • Duo can now send device activity email and/or Duo Push notifications to end users when a device is added or removed from their account.
  • Users can respond to the notification by confirming the change or reporting it as fraudulent. If the user reports a fraudulent change, Duo administrators receive an email notification.
  • To participate in this public preview, enable device activity notifications in Duo Admin Panel > Settings > Notifications.

Duo Central Self-Service Portal: Clearer language for settings

Improved Passwordless administration in the Duo Admin Panel

Risk-Based Authentication now reports more information about Trust Assessment

  • For Duo Advantage and Premier customers who have applied risk-based policies, the Authentication Log Trust Assessment column will now show one of the following reasons for a a step-up authentication decision: Consecutive failures; Credential stuffing; Push harassment; Previously marked fraud; Country code mismatch; Unrealistic travel; Multiple reasons.

Update to Duo Admin API

  • In order to improve our overall security posture, Duo no longer supports server-side key generation for authenticator enrollments. We removed server-side key generation in 2016, and we’ve now removed the ability to activate from instances of Duo Mobile released prior to 2016.

New and updated applications

Five new named applications with Duo SSO

Duo SSO: New password change options available

  • Admins can now enable two new password settings in addition to Expired password reset:
    • Expiring password warnings: Users will receive a notification during login and authentication when their password is expiring within a customizable number of days.
    • Proactive password reset: Users can change their password from the login page at any time.
  • Administrators can adjust these settings in Duo Admin Panel > Settings > Admin Password Policy.

Duo for Outlook Web App (OWA) version 2.0.0 released

  • The installer now defaults to “fail closed” for new installations and upgrades from v1.x to v2.0.0. Upgrades from v2.0.0 to future releases will preserve the installed fail mode selection.
  • TLS 1.2 is now the minimum supported version; drops support for TLS 1.1, 1.0, and SSLv3.
  • Now supports WinHTTP proxy server configurations that use a bypass-list.
  • Corrects an issue where ECP logout did not expire the Duo session cookie created after MFA success at login.
  • Changes the Duo OWA registry key location to HKLM\Software\Duo Security\DuoOwa and the registry values IKey and SKey to Client_Id and Client_Secret.

Universal Prompt now available for OneLogin and Microsoft OWA

  • To enable Universal Prompt for OneLogin:
    1. Navigate to Settings > Account Settings in OneLogin.
    2. Check the box for Enable Duo Universal Prompt (OIDC flow) under the Duo Universal Prompt setting on the Basic page.
    3. Select Save.
    4. Authenticate once with Duo after saving.
  • To enable Universal Prompt for Microsoft OWA, upgrade to Duo OWA v2.0.0 and authenticate once with Duo after upgrading.

Duo Authentication Proxy version 5.8.1 released

  • Fixed an issue where SSO logins that timed out would be incorrectly interpreted as bad credentials.
  • Fixed an issue where the configuration check would no longer incorrectly report a problem with the transport value of an ad_client section if ssl_verify_hostname is not specified.

Duo Mobile for Android version 4.40.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.
  • Please note that Android devices will stop using SafetyNet for device attestation (pictured below) before June 2024, which will result in devices running Duo Mobile Android version 4.40.0 and below to stop receiving updates about tamper status.Versions of Duo Mobile for Android released after 4.40.0 will use Play Integrity attestation to update Duo tamper status. Keep your Duo Mobile for Android up to date with new versions to avoid disruption.

Duo Mobile for iOS version 4.40.0 released

  • Pages selected from the left-hand navigation launch as popups; selecting the X on the page returns you to the main screen.
  • Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

  • When logging in to the Duo Admin Panel, selecting Use Passkey when locked out for ten invalid passcode authorization attempts no longer circumvents the lockout.
  • Fixed a bug for the Citrix NetScaler named SAML application with Duo SSO that caused redirections to an error page or a failed login.
  • Passcode factor error messages during authentication now specify what caused the error instead of showing the message “Unknown error.”
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links