Version 5.3.0 - April 2; 2026$$$Beta of Offline Access for Passwordless OS Logon. Users log in securely via Bluetooth connection to a mobile device with Duo Mobile and platform biometric or PIN verification when the Windows system cannot contact Duos service.$$$Adds the registry value PwlOfflineAvailable which overrides the Admin Panel setting to disable offline access for passwordless OS logon at the local endpoint.$$$Duo Mobile push requests now show the RDP application name specified in the Admin Panel.$$$Minor UI fixes for passwordless OS logon.$$$Corrects an issue where the ProvidersWhitelist registry value may not have persisted on upgrade via silent install.$$$Updates UAC behavior with remembered devices. When a user elevates to local administrator; the remembered device session persists regardless of which elevated windows are open or closed. A user switching to a different account via UAC does not create a remembered device session.$$$Adds additional debug logging.

Version 5.2.0 - December 1; 2025$$$WARNING: An issue is present in the Duo Authentication for Windows Logon 5.2.0 installer which may cause removal of Duo registry keys and values created after the initial installation when upgrading from a prior version to 5.2.0 using a silent install method. This affects existing user offline access and paswordless OS logon enrollments. After upgrading; users may need to re-enroll in offline access and passwordless OS logon.$$$$$$This issue preserving offline and passwordless registrations is not seen with interactive GUI installations and is corrected in the 5.2.1 release. Please do not install 5.2.0 via silent install if any user enrollments in offline access or passwordless OS logon; or any Duo registry keys and values created after your initial install exist on your clients.$$$$$$Learn more about the 5.2.0 installer issue in the article Guide to issues with the Duo Authentication for Windows Logon 5.2.0 installer in the Duo Knowledge Base.$$$$$$General availability of persistent trusted sessions; which improves the remembered devices experience on Windows with support for suppressing repeated MFA requests for devices on specified networks.$$$General availability of ARM 64 support for Windows 10 version 1709 and later. All Duo for Windows Logon & RDP features available for Intel systems may now be used on ARM systems; including Passwordless OS Logon and Verified Duo Push.$$$Beta support for Duo Passport sessions for RDP logins.$$$Corrects an issue with certificate pinning.$$$The certificate pinning issue exists in versions 4.3.16 to 5.1.1. This issue prevented successful CA verification. This means that prior messaging identifying any versions as affected by 2026 Duo root certificate authority bundle replacement was incorrect. Versions prior to 5.2.0 will not be affected by the Duo CA bundle expiration in 2026. We do still encourage updating older installs to current versions to obtain security fixes and experience new features and enhancements.$$$Improved error handling for password change scenarios.$$$Logging improvements for authentication actions and Bluetooth.$$$Security improvements.$$$Additional bug fixes.

Version 5.1.1 - May 27; 2025$$$Improved password change and password reset experience.$$$Fixed issue where the Duo authentication window renders transparently.$$$Improved experience when passwordless authentication times out.$$$Removed auto logon feature for passwordless. Users should click “Sign in” to initiate passwordless authentication.$$$Improved experience for passwordless-enrolled users who log in via “Other User”.$$$Adds support for new Duo certificate authorities.$$$Security fixes.

Version 5.1.1 - May 27; 2025$$$Improved password change and password reset experience.$$$Fixed issue where the Duo authentication window renders transparently.$$$Improved experience when passwordless authentication times out.$$$Removed auto logon feature for passwordless. Users should click “Sign in” to initiate passwordless authentication.$$$Improved experience for passwordless-enrolled users who log in via “Other User”.$$$Adds support for new Duo certificate authorities.$$$Security fixes.

Version 5.0.0 - February 24. 2025$$$General availability of Passwordless OS Logon. Users may log in securely to Windows via Bluetooth connection to a mobile device with Duo Mobile platform biometric or PIN verification instead of entering a password.$$$It is now possible to restrict which user groups may use Passwordless OS Logon from the Duo Admin Panel.$$$Cancelling a Passwordless OS Logon push now immediately cancels the push in progress rather than simply dismissing the Passwordless push dialog but waiting for the push to time out.$$$General availability of Verified Duo Push support for Windows logons when the authentication methods policy requires Verified Duo Push with a verification code.$$$Improved handling of updates to offline policies.$$$Improvements to the Windows password reset experience.$$$Adds support for Windows Server 2025 and removes installer support for Windows 2012 R2 and earlier.

Version 4.3.1 - April 9; 2024$$$$$$Restores the ability to perform a silent install without providing application information in the command.$$$Corrects an issue where the exe installer did not retain the existing FailOpen value during upgrade from a prior version.$$$Corrects installer issues with uninstalls and reinstalls of the same version.$$$Corrects an issue where a trusted session was erroneously invalidated.$$$Corrects an issue where the login button was focused on by default instead of the passcode field.$$$Adds the MaxBootTimeDelta GPO setting.

Version 4.3.0 - February 27; 2024$$$Accessibility improvements.$$$Design improvements and minor bug fixes in installer.$$$Corrects an issue which caused occasional black or frozen screens during Duo login.$$$Adds an optional registry setting ParseUsernameAndDomain which overrides Duo user/domain determination logic by parsing the username provided by the user. Refer to Why might an incorrect username get sent to Duo from a machine joined to Entra ID? for more information.$$$Addresses a security vulnerability in which trusted sessions persisted after a reboot (CVE-2024-20301; Cisco Security Advisory).$$$Addresses a security vulnerability where the Duo secret key value was logged in plain-text during an application upgrade (CVE-2024-20292; Cisco Security Advisory).$$$We recommend you migrate to a new instance of the application to preserve the integrity of the application credentials on your client systems. Refer to Duo KB Article 8760 for step-by-step instructions. Refer to the Duo KB article What are Duo application credentials and how should I protect them? for more information.$$$Corrects an issue where the installer did not secure the Duo registry key so integration credentials could be read by unprivileged users until the registry key was secured by first launch of the application.$$$The exe installer now defaults to fail closed for the Bypass Duo authentication when offline (FailOpen) setting and overrides the previous fail mode selection. The msi now installer will default to fail closed for net new installations and upgrades will preserve the previous fail mode selection.

Version 4.2.2 - March 15; 2023$$$Corrects an issue in Duo Offline Access for Windows which allowed Windows Offline login passcodes to be reused or replayed under certain conditions (CVE-2023-20123; Cisco Security Advisory).

Version 4.2.1 - November 22; 2022$$$Corrects an issue where an enrolled Windows Offline user would be deprovisioned from offline access if there was a network disruption during online login.

Version 4.2.0 - September 23; 2021$$$Introduces remembered devices for local Windows logins. The Remembered Devices policy for Duo MFA; Access; and Beyond plan customers now includes settings for Windows Logon. Remembering the device during online authentication creates a trusted session; letting users skip Duo two-factor authentication for the lifetime of the session.$$$Adds the hostname of the system where Duo for Windows Logon is installed to Duo Mobile push requests and the Windows logon authentication type (Local; RDP; UAC) to Duo Push request notifications.$$$Adds support for Windows 11 and Windows Server 2022.$$$Bug fixes.