Table of Contents
Why is Microsoft Authenticator warning about jailbreak or root, and when will it block Entra ID sign-ins?
Microsoft Authenticator is beginning to detect jailbroken iPhones and rooted Android phones, and it will progressively warn users, then block Entra ID (work/school) sign-ins, and then wipe Entra credentials on those devices as the rollout completes by mid-2026.
This protection is enabled by default, has no admin opt-out, and does not affect personal accounts.
Microsoft is rolling out jailbreak/root detection in the Microsoft Authenticator app for work or school accounts that use Entra credentials.
When Authenticator detects a jailbroken iOS device or a rooted Android device, the app will stop allowing Entra credentials to function on that device to protect the organization.
As part of this change, existing Entra credentials on affected devices will be wiped during the final stage of the rollout.
The rollout is staged and gradual, with an estimated gap of about one month between phases for impacted users.
Timeline that matters
Android general availability is expected to start as early as the end of February 2026 and complete by mid-2026.
iOS general availability is expected to start in April 2026 and complete by mid-2026.
Microsoft’s support guidance describes this as a February 2026 introduction of jailbreak/root detection for work or school accounts in Authenticator.
What users will experience (3 phases)
Phase 1: Warning mode shows a message that jailbreak/root is detected and that access will be blocked later.
Phase 2: Blocking mode prevents registering Entra credentials and prevents sign-in actions that rely on Authenticator for Entra.
Phase 3: Wipe mode deletes existing Entra credentials from Authenticator on that jailbroken/rooted device.