Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏.

zsapi@mastodon.social

@merill yeah sure, make sure we can't control our devices as we want to, but only as the duopoly/governments allow. Great step toward freedom and security /s

agowa338@chaos.social

@xssfox @merill

Ehm, the azure codes are a bit different than the TOTP ones. Their app also has a kinda proprietary auth code format too. I think it is mainly about them. As for all others you literally just have to store a picture of the QR-Code you used to set them up...

Edit: But yea, it probably will end in there being a shady cracked version of the Microsoft Authenticator App that continues to work on rooted phones...

pq1r@tech.lgbt

@merill this idiocy looks like something @GrapheneOS will want to respond to. Microsoft doesn't care if the OS has the latest patches, only that it was certified by the duopoly.

xssfox@cloudisland.nz

@agowa338 @merill sure but you can get the private data which is the core point of this protection

agowa338@chaos.social

@xssfox @merill

Haven't actually looked at how they're doing it. But yea, you can always crack these things.

All that they're doing by adding root detection is forcing people that can't do this themselves to download a modified version off of some shady backyard Russian forum or something...

czauner@social.vivaldi.net

@merill

Well another pretty bad idea. You seem to have quite a streak with those, lately.

Time to stock up with popcorn and wait for the fallout.

krazov@mstdn.social

@merill Whoa.

exilsarahl@chaos.social

@merill is this a threat or promise?

pa27@mastodon.social

@merill Who is using MS Auth anyway? Not me for sure! Another reason not to have or use an MS account...

merill@infosec.exchange

Wow. So a LOT of you folks are not happy.

The good news is your org can still allow you to use passkeys and other Authenticator apps.

gbargoud@masto.nyc

@fluffykittycat @merill

You can opt out any time by showing documentation that you are in the files (tangentially mentioned because they cited your work in an email does not count sorry)

thaodan@mastodon.social

@fluffykittycat @merill It's kind of a grey area. They are right that open bootloaders are a security issue but then also you can relock it on some devices.
In any case I don't think I would use the Microsoft Authentication app anyway unless I have to.

harrymutt@social.vivaldi.net

@merill

Hmm, I would never in my life install any M$ crap on my /e/OS ungoogled Fairphone. It's not rooted, but I guess it's also among the undesirables...

For authentication to our goddamn work accounts on M$, I use AEGIS. Or the standard authenticator on Linux Mint. Export/Import between the two works like a charm.

And it could well be that we are moving away from microslob in the not so far future. Unthinkable not so long ago. Halleluja!

barubary@infosec.exchange

@merill Thank you for sabotaging my devices.

silhouette@dumbfuckingweb.site

@merill I'm gonna go out on a limb here and say that users that jailbreak their own private device wouldn't use MS Authenticator, and on company devices jailbreak wasn't allowed anyway.

the_wub@mastodon.social

@merill Blanket bans of any sort implemented by large and powerful companies always produce false positives that hurt non-customer that have to interact with their systems no matter how obliquely.

I do not use any Microsoft product or services directly but I am sure I will discover ways that this change will affect me. Likely at a moment I need to do something urgently.

Never forget Scunthorpe!

Scunthorpe problem - Wikipedia

(en.wikipedia.org)

aetios@sns.minovsky.space

@merill wow cringe

jtig@infosec.exchange

@merill people making a mountain from a molehill? On Mastodon? Never expected it…

Yes, it’s shitty. But:

• You can do non-Authenticator passkeys now, from other apps that you can use on non-Android devices
• If device-bound, Authenticator native passkeys are forced on your work device, you did not had a say in the matter already.
• If device-bound passkeys are mandated on your personal device, reject the use of work apps on your personal devices and get a security key instead!

ralph@hear-me.social

@merill

#alttext

Jailbreak/root detection in Microsoft Authenticator.
Between Feb to Jul 2026, Microsoft will introduce jailbreak/root detection in Microsoft Authenticator. Rollout will occur in three phases, and complete in July 2026.

Warn mode:
Your device is rooted.
You'll eventually be unable to add or use your work or school accounts on this device.
This device has been modified to bypass built-in security protections. You can no longer add or use a work or school account on this device
Contact your organization's support team for help.

Block mode:
Your device is rooted.
You can no longer add or use a work or school account on this device.
This device has been modified to bypass built-in security protections. You can no longer add or use a work or school account on this device.
Contact your organization's support team for help.

Wipe mode:
Your device is rooted.
You can no longer add or use a work or school account on this device.
This device has been modified to bypass built-in security protections.
Your work or school accounts have been removed from this device to protect your organization's data. Contact your organization's support team for help.

longplay_games@mastodon.gamedev.place

@merill TIL people actually use the MS authenticator