Starting February 2026, Microsoft Authenticator will block Entra credentials on jailbroken/rooted iOS and Android devices through a phased rollout: warning, blocking, then wiping credentials. This security feature requires no admin setup. Users on compliant devices remain unaffected. Organizations should notify users and update documentation accordingly.
I really think we need a :microsoft-cool: emoji
In my mind it’s ok because much of the utility of TOTP is to mitigate for people reusing the same password on multiple sites.
But there are other threats like someone accessing your device that might be mitigated with TOTP but aren’t when the TOTP is in the password manager.