Microsoft Entra Credentials In The Authenticator App On Jail-broken...

Microsoft is implementing a significant security enhancement to its Authenticator app, introducing automatic detection of jailbroken and rooted devices for Microsoft Entra credentials.

Beginning in February 2026, the company will automatically delete all Microsoft Entra credentials stored on jailbroken iOS devices and rooted Android devices to prevent unauthorized access and strengthen organizations’ security posture.

The move reflects Microsoft’s commitment to protecting enterprise credentials on compromised devices.

Jailbreaking or rooting a device bypasses its built-in security controls, leaving it vulnerable to credential theft and malicious software installation.

By wiping credentials on these devices, Microsoft eliminates a significant attack vector that threat actors could exploit to gain unauthorized access to sensitive organizational resources.

The security feature will be automatically deployed across all Authenticator installations and requires no administrative configuration or IT team control.

This means organizations don’t need to adjust settings or deploy policies to activate the protection. The change applies uniformly to both iOS and Android platforms, ensuring consistent security across all mobile operating systems.

Microsoft designed this capability as secure by default, meaning the protection activates immediately without any manual intervention.

This approach reduces the burden on IT administrators while ensuring that all users receive the same level of protection regardless of their organization’s technical readiness or configuration.

Importantly, this change applies only to Microsoft Entra credentials and will not affect personal Microsoft accounts or third-party accounts stored in the Authenticator app.

Source: Cybersecurity News