Duo adds two-factor authentication to Outlook Web App (OWA) logins, offering inline self-service enrollment and authentication with Duo Universal Prompt.
Download the current release from the Checksums and Downloads page.
Version 2.0.0 - May 4, 2023
Duo Universal Prompt support with OIDC standards-based redirects. The Duo Prompt no longer loads in an iframe. Learn more about the move to frameless authentication in preparation for Duo Universal Prompt.
- The installer now defaults to "fail closed" for new installations and upgrades from v1.x to v2.0.0. Upgrades from v2.0.0 to future releases will preserve the installed fail mode selection.
- TLS 1.2 is now the minimum supported version. Drops support for TLS 1.1, 1.0, and SSLv3.
- Now supports WinHTTP proxy server configurations that use a bypass-list.
- Corrects an issue where ECP logout did not expire the Duo session cookie created after MFA success at login.
- Changes the Duo OWA registry key location to
HKLM\Software\Duo Security\DuoOwa and the registry values
Version 1.3.3 - October 2019
- Released for Exchange 2013+ only; no Exchange 2010 release (Duo's support for Exchange 2010 ends on February 15, 2021).
- Fixed security issue with session cookie expiration affecting Exchange 2013 and newer.
- Updated jQuery version to 1.6.3.
- Support for Windows Server 2008 R2 ends in January 2020. Future releases may not function on unsupported operating systems.
Version 1.3.2 - April 2018
- Support for UPN usernames.
- Internal permit bypass for Exchange 2013 and 2016 built-in health mailboxes.
- Separate installers and instructions for Exchange 2010 and Exchange 2013 and later.
- Exchange 2013 and later installations now require .NET Framework 4.5 and ASP.NET 4.5.
- TLS 1.1 and 1.2 support for Exchange 2013 and later.
Version 1.2.1 - October 2017
Version 1.2.0 - April 2016
- Adaptive sizing for Duo authentication prompt.
- Supports SSL offloading.
- Supports OWA on Exchange 2016.
Version 1.1.9 - November 2014
Version 1.1.7 - September 2014
- Expanded two-factor protection to ECP site.
Version 1.1.5 - April 2014
Version 1.1.3 - April 2014
- Fixed double-prompt for primary credentials with some Exchange Server 2013 installations.
- Fixed installer issues on systems using certain international date formats.
Version 1.1.2 - January 2014
- Fixed time-synchronization with Duo's service.
- Fixed incorrect handling of client IP addresses.
Version 1.0.8 (for Exchange Server 2007) - January 2014
- Fixed an issue in which high usage could incorrectly cause Exchange Server to exceed its session limit.
- This was the last release for Exchange 2007.
Version 1.1.1 - November 2013
- Added support for Exchange Server 2013.
- Added fail-open mode.
- Fixed post-login redirection for deep links.
- Removed the option to strip Windows domains from usernames (superseded by the username normalization option for applications set in the Admin Panel).
- Removed support for Exchange Server 2007.
Version 1.0.6 - August 2013
- Added support for Duo's new enrollment frame.
- Fixed permissions errors when using multiple IIS Application Pools.
Version 1.0.5 - May 2013
- Fixed incorrect usage of persistent cookies.
Version 1.0.4 - August 2012
- Fixed a compatibility issue with HTTPS-only cookies.
Version 1.0.3 - June 2012
- Added an option to strip Windows domains from usernames.