Microsoft Authenticator to nuke Entra creds on rooted and jailbroken phones

Microsoft is removing Entra credentials for school and work from jailbroken and rooted devices running iOS and Android.

The process is automatic and there is no opt-out. If Microsoft Authenticator detects that a device has been jailbroken or rooted, it will first display a warning, then block access, and finally wipe credentials. The procedure is already underway for Android devices, and iOS devices will follow in April 2026.

If all goes to plan, Microsoft will complete the process by July 2026. The app will warn, block, and wipe data "during any interactive operation that involves a work or school account in Microsoft Authenticator."

There is an argument that an employer should provide employees with suitably locked-down devices anyway, and a jailbroken or rooted device might allow apps to cause all sorts of mischief that could bypass Microsoft's security controls and cause multi-factor authentication (MFA) headaches.

However, there are also ...