Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically π.
-
@fluffykittycat @merill ah, the famous "use your own private resources for the benefit of the company".
@silhouette@dumbfuckingweb.site @fluffykittycat@furry.engineer @merill@infosec.exchange how else can we call you when you're supposedly sleeping or on vacation?
-
Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically
.No IT config needed.
3-phase rollout starting Feb 2026:
οΈ Warn β 
Block β 
οΈ WipeLet your help desk and security teams know.
Bloody hell? This looks like fascism to me.
-
@merill I wonder who of the people complaining here doβ¦
1. β¦ own a rooted / jailbroken phone
2. β¦ have Microsoft Authenticator installed on this phone
3. β¦ do use MS Authenticator in combination with an Azure Active Directory account.@kontrollierterWahnwitz @merill I'm stuck with Microsoft Authenticator for my work Azure login. I have to use my personal device as they will not issue me one, and no other authenticator option is permitted.
I don't have a rooted device at the moment, but I was planning on rooting it in a couple years when my manufacturer inevitably stops providing updates.
I'm going to ask my work if they can relax the restrictions to allow other authenticators after this change. Otherwise, I'll need to fork up for a new phone out of my own pocket instead of being able to extend the life of my current one.
-
@merill this idiocy looks like something @GrapheneOS will want to respond to. Microsoft doesn't care if the OS has the latest patches, only that it was certified by the duopoly.
@pq1r @merill @GrapheneOS GrapheneOS doesn't support rooting, so they don't need to do anything.
-
@merill I have to admit one of the reasons I use the web application for Outlook on my phone is because installing the Outlook app and adding my work account to it would in theory give work access to control (parts of) my phone - which I don't want. I didn't think the authenticator alone would give that level of access to the device though!
Is this likely to just drive more people to switch to using Google's authenticator (or another TOTP app) instead of the Microsoft one? I do anyway, because I was already using it for other sites, and it was easier to have them all in one place. You'd lose push authentications: but I feel safer without those anyway!
@lnr @merill *If* you consider using another TOTP app, I recommend 2FAS Authenticator. Other than the MS and Google authenticators, who are incredibly greedy data harvesters, 2FAS phones home nothing but anonymised diagnostics data. (It does, optionally, sync/backup on Google Drive/iCloud.) Has been working well for me for years. Open source, on Android and iOS.
2FAS Auth
Meet your favourite 2FA app. We are an open-source, community-driven, private and simple solution for Internet's biggest threat - security breaches.
(2fas.com)
-
@kontrollierterWahnwitz @merill I'm stuck with Microsoft Authenticator for my work Azure login. I have to use my personal device as they will not issue me one, and no other authenticator option is permitted.
I don't have a rooted device at the moment, but I was planning on rooting it in a couple years when my manufacturer inevitably stops providing updates.
I'm going to ask my work if they can relax the restrictions to allow other authenticators after this change. Otherwise, I'll need to fork up for a new phone out of my own pocket instead of being able to extend the life of my current one.
To be clear: I don't linke the approach MS is doing here and I don't want to blame the people here.
From my understanding, it is your company's job to provide you a device that suits to their environment. For cases like these I have a stock company smartphone without a SIM.
As soon as employers say that you should BYOD, it is not your device anymore. It is the employer's.
