Skip navigation
Documentation

Duo for Outlook Web App (OWA) - Release Notes

Last Updated: July 26th, 2023

Duo adds two-factor authentication to Outlook Web App (OWA) logins, offering inline self-service enrollment and authentication with Duo Universal Prompt.

Download the current release from the Checksums and Downloads page.

Version 2.0.0 - May 4, 2023

  • Duo Universal Prompt support with OIDC standards-based redirects. The Duo Prompt no longer loads in an iframe. Learn more about the move to frameless authentication in preparation for Duo Universal Prompt.
  • The installer now defaults to "fail closed" for new installations and upgrades from v1.x to v2.0.0. Upgrades from v2.0.0 to future releases will preserve the installed fail mode selection.
  • TLS 1.2 is now the minimum supported version. Drops support for TLS 1.1, 1.0, and SSLv3.
  • Now supports WinHTTP proxy server configurations that use a bypass-list.
  • Corrects an issue where ECP logout did not expire the Duo session cookie created after MFA success at login.
  • Changes the Duo OWA registry key location to HKLM\Software\Duo Security\DuoOwa and the registry values IKey and SKey to Client_Id and Client_Secret.

Version 1.3.3 - October 2019

  • Released for Exchange 2013+ only; no Exchange 2010 release (Duo's support for Exchange 2010 ends on February 15, 2021).
  • Fixed security issue with session cookie expiration affecting Exchange 2013 and newer.
  • Updated jQuery version to 1.6.3.
  • Support for Windows Server 2008 R2 ends in January 2020. Future releases may not function on unsupported operating systems.

Version 1.3.2 - April 2018

  • Support for UPN usernames.
  • Internal permit bypass for Exchange 2013 and 2016 built-in health mailboxes.
  • Separate installers and instructions for Exchange 2010 and Exchange 2013 and later.
  • Exchange 2013 and later installations now require .NET Framework 4.5 and ASP.NET 4.5.
  • TLS 1.1 and 1.2 support for Exchange 2013 and later.

Version 1.2.1 - October 2017

  • Duo Web SDK 2.6.

Version 1.2.0 - April 2016

  • Adaptive sizing for Duo authentication prompt.
  • Supports SSL offloading.
  • Supports OWA on Exchange 2016.

Version 1.1.9 - November 2014

  • Fail mode refinements.

Version 1.1.7 - September 2014

  • Expanded two-factor protection to ECP site.

Version 1.1.5 - April 2014

  • Bugfixes.

Version 1.1.3 - April 2014

  • Fixed double-prompt for primary credentials with some Exchange Server 2013 installations.
  • Fixed installer issues on systems using certain international date formats.

Version 1.1.2 - January 2014

  • Fixed time-synchronization with Duo's service.
  • Fixed incorrect handling of client IP addresses.

Version 1.0.8 (for Exchange Server 2007) - January 2014

  • Fixed an issue in which high usage could incorrectly cause Exchange Server to exceed its session limit.
  • This was the last release for Exchange 2007.

Version 1.1.1 - November 2013

  • Added support for Exchange Server 2013.
  • Added fail-open mode.
  • Fixed post-login redirection for deep links.
  • Removed the option to strip Windows domains from usernames (superseded by the username normalization option for applications set in the Admin Panel).
  • Removed support for Exchange Server 2007.

Version 1.0.6 - August 2013

  • Added support for Duo's new enrollment frame.
  • Fixed permissions errors when using multiple IIS Application Pools.

Version 1.0.5 - May 2013

  • Fixed incorrect usage of persistent cookies.

Version 1.0.4 - August 2012

  • Fixed a compatibility issue with HTTPS-only cookies.

Version 1.0.3 - June 2012

  • Added an option to strip Windows domains from usernames.