(Updated) Microsoft Authenticator app: Upcoming changes to jailbreak and root detection

🚨 The Signal: Microsoft Authenticator will block Entra ID credentials on jailbroken or rooted mobile devices. This enhances security by preventing access from compromised devices, improving identity protection without admin configuration.

The Impact

Users on jailbroken/rooted devices will be blocked from accessing Entra ID resources, reducing the risk of credential compromise.

  • End users on non-compliant devices will lose access to corporate resources.
  • Security teams will see a reduction in risk from compromised mobile endpoints.
  • Identity teams will have stronger assurance of device integrity for MFA.
  • Help desk may see increased tickets from users with blocked devices.

The Action

  1. Communicate to users about the upcoming blocking of Entra ID credentials on jailbroken/rooted devices.
  2. Advise users to migrate Entra ID credentials to compliant, non-jailbroken/rooted devices.
  3. Review existing mobile device policies to ensure alignment with this new security enforcement.
  4. Monitor Entra ID sign-in logs for failed authentications from blocked devices to identify affected users.

Domain: Entra · Impact: high · Workload: Entra ID · Essential Eight: Multi-Factor Authentication, User Application Hardening · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0974, ISM-1173, ISM-1228, ISM-1401, ISM-1412, ISM-1485, ISM-1486, ISM-1504, ISM-1505, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1815, ISM-1819, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1872, ISM-1873, ISM-1874, ISM-1892, ISM-1893, ISM-1894, ISM-1906, ISM-1907