Microsoft Authenticator app: Upcoming changes to jailbreak and root detection

Originally posted by Microsoft Oct 27, 2025 Uncategorized 0 Comments

Starting February 2026, Microsoft Authenticator will block Entra credentials on jailbroken/rooted iOS and Android devices through a phased rollout: warning, blocking, then wiping credentials. This security feature requires no admin setup. Users on compliant devices remain unaffected. Organizations should notify users and update documentation accordingly.

Starting February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control.

When this will happen

General Availability (Worldwide) rollout begins in February 2026 and is expected to complete in April 2026.

How this affects your organization

Who is affected: All users of Microsoft Authenticator on iOS and Android whose Entra credentials are registered on jailbroken or rooted device.

What will happen:

The feature is secure by default.

Users on jailbroken or rooted devices will experience the following phased rollout:
- Phase 1 – Warning Mode: Users receive a warning that their device is jailbroken or rooted and will be blocked in the future (screenshots 1-4):
- Phase 2 – Blocking Mode: Users are blocked from registering Entra credentials or signing in via Authenticator (screenshots 5-6):
- Phase 3 – Wipe Mode: Existing Entra credentials are wiped from jailbroken or rooted devices (screenshots 7-10):