
"If Microsoft Authenticator detects that a device has been jailbroken or rooted, it will first display a warning, then block access, and finally wipe credentials. The procedure is already underway for Android devices, and iOS devices will follow in April 2026. If all goes to plan, Microsoft will complete the process by July 2026."
"There is an argument that an employer should provide employees with suitably locked-down devices anyway, and a jailbroken or rooted device might allow apps to cause all sorts of mischief that could bypass Microsoft's security controls and cause multi-factor authentication (MFA) headaches."
"However, there are also good reasons to use a device - particularly an Android - that qualifies as jailbroken or rooted. There is plenty of software that only works on devices no longer solely part of a given vendor's ecosystem, although it is important to understand the risks involved."
Microsoft is implementing automatic credential removal for Entra accounts on jailbroken and rooted devices across iOS and Android platforms. The process is mandatory, with no opt-out option. When Microsoft Authenticator detects a jailbroken or rooted device, it first displays a warning, then blocks access, and finally wipes credentials; this applies during any work or school account operation. Android enforcement is already underway, with iOS following in April 2026 and full completion targeted for July 2026. While employers typically provide locked-down devices and jailbroken or rooted devices pose security risks to MFA systems, legitimate reasons exist for using modified devices, particularly on Android. Microsoft has not disclosed specific detection methods or addressed concerns about restrictions on alternative operating systems like GrapheneOS.
#mobile-security #device-management #credential-protection #jailbreak-detection #enterprise-authentication
Read at The Register