Microsoft Authenticator Will Block Rooted Android and Jailbroken iOS Devices in 2026

Microsoft continues tightening security across its services, and Microsoft Authenticator is the latest tool to receive new protections. According to Windows Latest, the company will soon detect rooted Android phones and jailbroken iPhones and gradually block them from using the Authenticator app.

The change was spotted in the Microsoft 365 Admin Center and currently applies to organizations using Microsoft Entra identity services. Microsoft says the policy aims to reduce the risk of compromised devices accessing sensitive authentication data.

The rollout has already started for Android devices and will expand to iOS soon.

Rollout begins on Android and arrives on iOS in April

The new security enforcement began rolling out to Android devices in the last week of February 2026. Microsoft plans to start the iOS rollout in April 2026, with full deployment expected by mid-2026.

The update cannot be disabled by administrators or users. Once enforcement reaches its final stage, devices detected as rooted or jailbroken will no longer be able to use Microsoft Authenticator.

Microsoft warns that modified operating systems can expose authentication tokens and other sensitive information, which could allow attackers to bypass security protections.

Three-phase enforcement will gradually lock compromised devices out

Microsoft will introduce the restriction in three stages so organizations and users have time to transition away from modified devices.

The first stage introduces a warning mode. Authenticator detects a rooted Android device or a jailbroken iPhone and displays security alerts inside the app. Users can still sign in temporarily during this phase.

The second stage enables blocking mode. At that point, users will no longer be able to sign in with work or school accounts, and features such as two-factor authentication and passwordless sign-in stop working. The app effectively becomes unusable for account authentication.

The final stage activates wipe mode. Microsoft Authenticator logs the user out automatically and removes all stored account data from the device. Users must contact their organization to restore access from a compliant device.

Microsoft gives users time to switch to secure devices

Microsoft expects the full enforcement of the policy to finish by June 2026. The company says the phased rollout gives users time to move to devices that run official operating systems without root or jailbreak modifications.

Restrictions like these already appear in many banking and financial apps, which often block compromised devices to prevent credential theft and unauthorized account access.

The Authenticator change arrives as Microsoft continues strengthening security across its ecosystem. The company recently confirmed that Microsoft Defender will drop support for devices running iOS 16 or earlier. Microsoft has also delayed the forced migration to the new Outlook for enterprise customers, giving organizations more time to prepare for that transition.