Notes
Recommended to install with a new configuration file
- This release includes some self-healing functionality, and it is recommended to install the update with a new config file to enable this functionality.
New FIDO2 AAGUID
- TruU is in the final stages of Windows Authenticator certification with the FIDO Alliance, and new enrollments made using version 26.1.1 or later of Windows Authenticator will use a new AAGUID. If your organization is restricting security keys, the new AAGUID will need to be added to Entra ID > Authentication methods > Policies. The new AAGUID is:
bb878d7b-cf54-4784-b390-357030497043
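
A check of an exported Entra ID FIDO2 policy against the new AAGUID, as an added example (not TruU's or Microsoft's code). The JSON is constructed sample data in the shape of the Microsoft Graph fido2AuthenticationMethodConfiguration resource, and the function name Test-AaguidPermitted is hypothetical.

```powershell
# Added example. The JSON is constructed sample data shaped like the Graph resource at
#   GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
$TruUAaguid = 'bb878d7b-cf54-4784-b390-357030497043'   # value from the release note

function Test-AaguidPermitted {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Fido2Config,
        [Parameter(Mandatory)] [string] $Aaguid
    )
    $kr = $Fido2Config.keyRestrictions
    if ($Fido2Config.state -ne 'enabled') {
        $ok = $false; $why = 'FIDO2 method is not enabled in the policy'
    } elseif (-not $kr -or -not $kr.isEnforced) {
        # Restrictions defined but not enforced: any security key model may register.
        $ok = $true; $why = 'key restrictions are not enforced'
    } else {
        $listed = @($kr.aaGuids) -contains $Aaguid   # string match is case-insensitive
        if ($kr.enforcementType -eq 'allow') {
            $ok = $listed
            $why = if ($listed) { 'present in allow list' } else { 'missing from allow list' }
        } elseif ($kr.enforcementType -eq 'block') {
            $ok = -not $listed
            $why = if ($listed) { 'present in block list' } else { 'not in block list' }
        } else {
            # Fail closed on a value this script does not understand.
            $ok = $false; $why = "unrecognized enforcementType '$($kr.enforcementType)'"
        }
    }
    [pscustomobject]@{ Aaguid = $Aaguid; Permitted = $ok; Reason = $why }
}

# Constructed policy: restrictions enforced, allow list holds one placeholder AAGUID.
$sample = @'
{
  "id": "Fido2",
  "state": "enabled",
  "keyRestrictions": {
    "isEnforced": true,
    "enforcementType": "allow",
    "aaGuids": [ "00000000-0000-0000-0000-000000000001" ]
  }
}
'@ | ConvertFrom-Json

Test-AaguidPermitted -Fido2Config $sample -Aaguid $TruUAaguid   # policy as exported
$sample.keyRestrictions.aaGuids += $TruUAaguid                  # simulate the policy update
Test-AaguidPermitted -Fido2Config $sample -Aaguid $TruUAaguid   # policy after the change
```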
Highlights
- Support for ARM systems
- Continuous Authentication
- RDP to Windows systems running TruU Windows Authenticator
- Support for admin requested certificate renewal
- Ability to improve facial biometric to better handle glasses
- PowerShell Module
- Configurable registry settings moved
- Better performance when removing/cleaning systems from the Admin Console
- Better user messaging for errors with FIDO2
- Log files no longer written into system folders
- FIDO2 Enrollment Improvements
- Update .NET to 8.0.22
- Bug Fixes
Enhancements
Support for ARM systems
- We are excited to announce native support for Windows on ARM in the TruU Windows Authenticator! The Admin Console now contains a download for a dedicated ARM64 Installer. This fully native ARM64 build is optimized for Windows devices powered by Qualcomm Snapdragon, Microsoft SQ-series, and other Arm-based processors (including Surface Pro X, Copilot+ PCs, and compatible laptops/desktops running Windows 11 on ARM).
Continuous Authentication
- Continuous Authentication (CAuth) is a real-time risk engine that learns who the authorized user is based on how they interact with their computer. It uses a blend of behavioral signals and machine context data to generate a set of continuous risk scores, which can trigger actions depending on configurable policy settings.
- Once your organization has requested CAuth from TruU, it is enabled in the TruU Admin Console as a policy setting for both Applications and Computers.
- As an application policy it can be used for SSO authentication. If the user’s risk is below a configured threshold, they will be able to seamlessly authenticate to SSO applications. If the user’s risk is above the threshold, they will be prompted to authenticate using PIN or biometrics depending on the configured behavior.
- If enabled as a computer policy, when a user’s risk level crosses a configured threshold, they are prompted to verify their identity using face, fingerprint, or PIN. If the user does not respond in time, the screen is locked automatically. An event is sent to the platform recording that the user was prompted and the result of the authentication.
- A single installer bundle is now available that includes both the Windows Authenticator and Continuous Authentication (CAuth), making it easier for administrators to deploy and upgrade both components together in one operation.
- To enable the CAuth flag, refer to https://docs.truu.ai/cauth/enable-cauth-application
RDP to Windows systems running TruU Windows Authenticator
- Users of TruU’s Windows Authenticator and Frontline Access products can now RDP to systems running Windows Authenticator. This allows users to RDP to their systems where they have enrolled with TruU. The destination system must be running Windows Authenticator version 26.1.0 or later for the RDP connection to succeed.
Support for admin requested certificate renewal
- Administrators can now select systems and users in the admin console and request they renew their certificate immediately. This should help in cases where administrators want to make changes to their PKI infrastructure and do not want to wait for the existing certificate expiration before renewing.
Ability to improve facial biometric to better handle glasses
- Users who wear glasses can now improve their facial biometric by capturing their face without glasses. This should allow them to authenticate with their facial biometric more consistently whether wearing glasses or not.
PowerShell Module
- The Windows Authenticator now includes a PowerShell module. This gives administrators the ability to get information about enrolled users via PowerShell script. In a PowerShell session, type truu -help to see the available options.
Configurable registry settings moved
- Registry values to configure the TruU Windows Authenticator have moved to HKLM\SOFTWARE\Policies\TruU\Authenticator. Existing settings will be copied to the new location when upgrading to the 26.1.0 version. These settings were moved to make it obvious to administrators which values to change and to reduce the risk of accidentally changing settings required by TruU for proper functioning of the product.
Better performance when removing/cleaning systems from the Admin Console
- In previous versions, it could take the Windows Authenticator up to an hour to respond after an administrator had removed the system from the Admin Console, or the system was cleaned up due to inactivity. The Windows Authenticator will now respond within 5 minutes when removed. The system requires internet connectivity to check in with the TruU cloud to determine if it has been removed.
Better user messaging for errors with FIDO2
- Organizations that configured the Windows Authenticator to use FIDO2 for Windows sign-in will now see better error messages when policies for using security keys are misconfigured.
Log files no longer written into system folders
- The Windows Authenticator no longer writes any data into the System32 directory, and should no longer trigger security software to think TruU is malicious.
FIDO2 Enrollment Improvements
- Enrollment for FIDO2-configured devices is now more flexible. If UAC and RDP are both disabled, no smart card certificate is requested, allowing enrollment to complete without an additional dependency. If either UAC or RDP is enabled, a certificate is requested and retried automatically on failure. Devices that already have a certificate are not affected. If a user on a FIDO2 device attempts an action that requires a certificate when none is available, a clear error message is shown directing them to contact their IT administrator.
Update .NET to 8.0.22
- TruU now supports .NET version 8.0.22. If you run our exe installer bundle, it will update your system to the 8.0.22 version.
Bug Fixes
- We have fixed an issue where occasionally the mouse pointer would not be visible after signing in.
- We have fixed an issue with the placement of the menu when right clicking the TruU system tray icon
- We have added an error message when signing in and the system TPM was in a locked or disabled state
- We have fixed an issue where events were not sent to the Admin Console when signing in with a biometric timed out and the user was directed to use their PIN
- Biometric sign in events will now indicate if the user used their fingerprint or face
- We have fixed an issue where users would see an error screen while signing in when multiple sign-in methods succeeded simultaneously. Users will no longer see an error.
- We have fixed an issue where some users would see an errant window prompting them to enroll their biometrics
- We have improved the process to fetch a valid certificate when a system has been offline for a long time
- We have fixed an issue where users who are signing in and are trying to submit feedback were shown a message about downloading to their desktop which is not yet available
- We have added a prompt to restart the system when a failed Windows update puts the TPM into an invalid state
- We have fixed a crash that would occur when inserting a virtual smart card into the smart card reader
- When creating or changing the PIN, it is now more obvious when the PIN and confirmation do not match and the user is not allowed to proceed
- We have updated the sign in behavior to close any error windows when switching credential providers
- We have fixed an issue where the number of enrollment begin and enrollment end events did not match
- We have fixed an issue where the credential provider label text was not displayed
- We have added self-healing capabilities to try installing missing drivers or enable smart card services when they are corrupted or disabled
- We have fixed an issue where FIDO2 sign-ins would fail after switching users
- We have fixed an issue where sign-in events were missing data
- We have fixed an issue where the TruU sign-in UI would not display
- We have improved the performance of displaying the sign-in UI after a system start
- We have fixed an issue where the keyboard would no longer respond when trying to sign in.
- We have fixed an issue where, when configured with an invalid URL for self-service password recovery, the sign-in screen would freeze
- We have improved the alignment of some items on the face biometric success screen
- We have fixed an issue where a user would see the wrong screen when an administrator had the user change their PIN multiple times
- We have fixed an issue during sign-in where the sign-in screen would freeze if the user selection drop-down was open when the system recognized the user’s face or fingerprint
- We have fixed a crash when the system was experiencing intermittent network connectivity
- We have added an error message informing the user their Windows Authenticator was installed using a configuration file with invalid OAuth credentials
- We have fixed an issue where users could not remove their biometrics when the “Device Biometrics” option was disabled in the Desktop Registration policy. Users can now remove biometrics at any time, regardless of policy settings. When biometrics are prevented by policy and no compatible camera is connected, a clear message is shown.
- We have fixed a UI layout issue where text stretching caused the TruU logo, close button, and info button to be positioned incorrectly in the enrollment window.
- We have fixed an issue where camera switching during face verification did not work correctly when an external camera was unplugged and then reconnected. The authenticator now properly reactivates the external camera when it is plugged back in.
- We have fixed an issue where fingerprint enrollment would pause silently when the enrollment window lost focus, leaving users unaware of why progress had stopped. The window now displays “Fingerprint capture paused” and instructs the user to click the window to resume.
- We have fixed an issue where the username field in the Admin Console showed as blank instead of “Unspecified” when logs were submitted from the lock screen or a local account.
- We have fixed an issue where configuration changes in the application config were not applied after upgrading from an older version.
- We have fixed an issue where timer-dependent logic could behave incorrectly on some machines due to overly long delays between ticks.
- We have fixed an issue where configuration values from the application config file were not applied when installing via MSI.
- We have fixed an issue where the enrollment file could not be found, causing an unhandled exception on startup.
- We have fixed an issue where an unhandled exception was thrown when no biometric sensors were detected on the device.
Known Issues
| Ticket Number | Component | Summary |
|---|---|---|
| WA-22786 | Sign in | Biometric camera is slow to initialize following a system restart |

