check before: 2026-02-28
Product:
Entra
Platform:
Android, iOS, Online, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message, User impact
Links:
Details:
Summary:
Starting late February 2026, Microsoft Authenticator will detect jailbroken/rooted devices on iOS and Android, blocking Entra credentials on such devices through phased warnings, blocking, and credential wiping. This security feature is automatic with no opt-out. Users on non-jailbroken/rooted devices are unaffected. Notify users and helpdesk accordingly.
Details:
Updated February 24, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
Starting end of February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control.
[When this will happen]
General Availability (Worldwide Android) rollout begins in end of February 2026 and is expected to complete in mid-year 2026 (previously April).
General Availability (Worldwide iOS) rollout begins in April 2026 (previously March) and is expected to complete in mid-year 2026 (previously April).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-10-25
updated:
2026-02-25
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
Starting in late February 2026, Microsoft Authenticator will implement a security feature that blocks Entra credentials on jailbroken or rooted devices, with a phased rollout that initially warns users before eventually blocking access and wiping credentials from affected devices.
Direct effects for Operations**
Credential Access Loss
Users on jailbroken/rooted devices will lose access to their Entra credentials, leading to potential disruptions in their work.
- roles: End Users, Helpdesk Staff
- references: https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
User Experience Degradation
Users will experience phased warnings and eventual blocking, which can lead to frustration and confusion.
- roles: End Users, IT Support
- references: https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
Increased Helpdesk Inquiries
Helpdesk staff will likely receive an influx of inquiries from users affected by the changes, increasing their workload.
- roles: Helpdesk Staff, IT Managers
- references: https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
Documentation Updates Required
Internal documentation regarding the use of Microsoft Authenticator will need to be updated to reflect the new changes.
- roles: IT Documentation Specialists, IT Managers
- references: https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
Security Compliance Risks
Failure to communicate these changes may lead to security compliance risks if users are unaware of the implications of using jailbroken/rooted devices.
- roles: Compliance Officers, IT Security Staff
- references: https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-02-25 | MC Messages | Updated January 22, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] Starting end of February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide iOS) rollout begins in end of February 2026 and is expected to complete in May 2026 (previously April). General Availability (Worldwide Android) rollout begins in March 2026 (previously February) and is expected to complete in June 2026 (previously April). | Updated February 24, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] Starting end of February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide Android) rollout begins in end of February 2026 and is expected to complete in mid-year 2026 (previously April). General Availability (Worldwide iOS) rollout begins in April 2026 (previously March) and is expected to complete in mid-year 2026 (previously April). |
| 2026-02-25 | MC Last Updated | 01/22/2026 21:20:03 | 2026-02-24T22:53:25Z |
| 2026-02-25 | MC Summary | Starting February 2026, Microsoft Authenticator will detect jailbroken/rooted devices and block Entra credentials on iOS and Android. The rollout includes warning, blocking, and wiping phases. This security feature is automatic with no opt-out. Users on non-jailbroken/rooted devices remain unaffected. Notify users and helpdesk accordingly. | Starting late February 2026, Microsoft Authenticator will detect jailbroken/rooted devices on iOS and Android, blocking Entra credentials on such devices through phased warnings, blocking, and credential wiping. This security feature is automatic with no opt-out. Users on non-jailbroken/rooted devices are unaffected. Notify users and helpdesk accordingly. |
| 2026-01-23 | MC Last Updated | 11/11/2025 21:33:49 | 2026-01-22T21:20:03Z |
| 2026-01-23 | MC Messages | Updated November 11, 2025: We have updated the content and the images below. Thank you for your patience.
[Introduction] Starting February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide) rollout begins in February 2026 and is expected to complete in April 2026. | Updated January 22, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] Starting end of February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide iOS) rollout begins in end of February 2026 and is expected to complete in May 2026 (previously April). General Availability (Worldwide Android) rollout begins in March 2026 (previously February) and is expected to complete in June 2026 (previously April). |
| 2026-01-23 | MC End Time | 05/31/2026 09:00:00 | 2026-07-30T09:00:00Z |
| 2026-01-23 | MC Summary | Starting February 2026, Microsoft Authenticator will detect jailbroken/rooted devices on iOS and Android, blocking and eventually wiping Entra credentials on such devices in a phased rollout through April 2026. This security feature is automatic, affects only compromised devices, and requires no admin configuration. | Starting February 2026, Microsoft Authenticator will detect jailbroken/rooted devices and block Entra credentials on iOS and Android. The rollout includes warning, blocking, and wiping phases. This security feature is automatic with no opt-out. Users on non-jailbroken/rooted devices remain unaffected. Notify users and helpdesk accordingly. |
| 2025-11-12 | MC prepare | Notify users about this upcoming change.
Communicate to helpdesk staff that Authenticator will become unusable for Entra accounts on jailbroken or rooted devices. Update internal documentation if you reference Authenticator usage. No admin action is required to enable or configure this feature. Learn more: About Microsoft Authenticator | Microsoft Support [Compliance considerations] No compliance considerations identified, review as appropriate for your organization. https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc | Notify users about this upcoming change. Users will see error messages or banners in the Authenticator app during warning or blocking phases. These screens are dismissible but indicate the device status.
Communicate to helpdesk staff that Authenticator will become unusable for Entra accounts on jailbroken or rooted devices. Update internal documentation if you reference Authenticator usage. No admin action is required to enable or configure this feature. Learn more: About Microsoft Authenticator | Microsoft Support [Compliance considerations] No compliance considerations identified, review as appropriate for your organization. https://support.microsoft.com/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc |
| 2025-11-12 | MC MessageTagNames | Feature update, User impact, Admin impact | Updated message, Feature update, User impact, Admin impact |
| 2025-11-12 | MC Summary | Starting February 2026, Microsoft Authenticator will block Entra credentials on jailbroken/rooted iOS and Android devices through a phased rollout: warning, blocking, then wiping credentials. This security feature requires no admin setup. Users on compliant devices remain unaffected. Organizations should notify users and update documentation accordingly. | Starting February 2026, Microsoft Authenticator will detect jailbroken/rooted devices on iOS and Android, blocking and eventually wiping Entra credentials on such devices in a phased rollout through April 2026. This security feature is automatic, affects only compromised devices, and requires no admin configuration. |
| 2025-11-12 | MC Last Updated | 10/25/2025 00:09:11 | 2025-11-11T21:33:49Z |
| 2025-11-12 | MC Messages | [Introduction]
Starting February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide) rollout begins in February 2026 and is expected to complete in April 2026. | Updated November 11, 2025: We have updated the content and the images below. Thank you for your patience.
[Introduction] Starting February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control. [When this will happen] General Availability (Worldwide) rollout begins in February 2026 and is expected to complete in April 2026. |
| 2025-11-12 | MC Title | Microsoft Authenticator app: Upcoming changes to jailbreak and root detection | (Updated) Microsoft Authenticator app: Upcoming changes to jailbreak and root detection |
| 2025-11-12 | MC How Affect | Who is affected: All users of Microsoft Authenticator on iOS and Android whose Entra credentials are registered on jailbroken or rooted device.
What will happen: The feature is secure by default. Users on jailbroken or rooted devices will experience the following phased rollout: Phase 1 - Warning Mode: Users receive a warning that their device is jailbroken or rooted and will be blocked in the future (screenshots 1-4): Phase 2 - Blocking Mode: Users are blocked from registering Entra credentials or signing in via Authenticator (screenshots 5-6): Phase 3 - Wipe Mode: Existing Entra credentials are wiped from jailbroken or rooted devices (screenshots 7-10): Users on compliant (non-Jailbroken or non-rooted) devices will not be affected. | Who is affected: All users of Microsoft Authenticator on iOS and Android whose Entra credentials are registered on jailbroken or rooted device. This is going to be a continuous check.
What will happen: The feature is secure by default and enabled to all customers. There is no opt-out capability.. Users on jailbroken or rooted devices will experience the following phased rollout. An estimated gap between 3 phases is ~ 1 month. Phase 1 - Warning Mode: Users receive a warning that their device is jailbroken or rooted and will be blocked in the future (screenshots 1-4): Phase 2 - Blocking Mode: Users are blocked from registering Entra credentials or signing in via Authenticator (screenshots 5-8): Phase 3 - Wipe Mode: Existing Entra credentials are wiped from jailbroken or rooted devices (screenshots 9-11): Users on non-Jailbroken or non-rooted devices will not be affected. |
Last updated 3 weeks ago ago
