Microsoft Authenticator mobile app will undergo a big change in the coming months. In order to heighten security, the app will detect if the phone is jailbroken or rooted. Since these phones running custom OS don’t fully adhere to security practices, Microsoft will issue an update to block and phase out such devices in a planned manner.
First spotted by Windows Latest in an update to the admin center, this change applies only to Microsoft Entra customers, at least for now.
The Android rollout has already begun the last week of February 2026 and will be completed by mid-2026. iOS devices will get slightly more time because rollout starts in April 2026, but plans to finish alongside the Android date.
You must understand that it’s not an opt-out feature. Microsoft won’t let you ignore the warnings and continue using Authenticator on compromised phone operating systems.
It’s not a surprising decision because jailbroken/rooted phones run a custom version of Android or the Linux operating system. Apps have more access than they need, and malicious ones can steal data from the Authenticator. It’s the reason behind banning jailbroken devices altogether.
How does Microsoft plan to phase out support for Authentication on rooted or jailbroken devices?
Phase 1: Warning Mode
This will be the initial mode to inform users not to use jailbroken phones for Microsoft Authenticator.
The app will show a “Your device is jailbroken. This device has been modified to bypass
built-in security protections. You’ll eventually be unable to add or use your work or school accounts on this device.” warning.
It’ll suggest to “Contact your organization’s support team for help.” The second page will mention in bold that “Your device is rooted and has been modified to bypass built-in-
in security protections.”
Microsoft won’t block you from accessing your credentials at this stage, and you can click the Continue button.
Phase 2: Blocking Mode
In this phase, Microsoft Authenticator will adopt a more serious stance and show the same warnings as before. You’ll see a new warning about blocking you from using a work or school account to sign in to Authenticator.
It won’t stop at that, and also prevent you from using Microsoft Authenticator for any kind of 2FA (two-factor authentication) activities or using password-less sign-in features.
So, the app will launch and go to the home screen, but you won’t be able to use it for anything, making it redundant.
Phase 3: Wipe Mode
It’s the last phase where Authenticator will wipe your data without asking you. Since you’ve ignored the previous two phases and didn’t switch to a non-rooted/jailbroken phone, you’ll suffer the wrath.
The app will log you out and remove any traces of your personal data on the phone. There’s no option to access your saved accounts or use Authenticator features.
You can contact your organization’s support team for help if you want to access the account again.
There’s still time
Microsoft is giving you enough time to switch to a non-rooted/jailbroken phone and use Authenticator on it. While I doubt there will be too many of those because the only use case I can think of is for DIY users.
Running a custom phone OS is more of a DIY thing for those who want to escape the Google or iOS ecosystem, and I don’t expect a huge user base for Authenticator in that community.
Payment and other finance apps have locked out jailbroken phones for a long time. Authenticator handles sign-in to multiple accounts, and it’s a major security risk to allow it to work on compromised devices. It was due for a long time, and the rollout will be completed by June 2026.
The post Microsoft Authenticator will crack down on jailbroken/rooted iOS and Android phones for enterprises appeared first on Windows Latest