Starting February 2026, Microsoft Authenticator will block Entra credentials on jailbroken/rooted iOS and Android devices through a phased rollout: warning, blocking, then wiping credentials. This security feature requires no admin setup. Users on compliant devices remain unaffected. Organizations should notify users and update documentation accordingly.
I really think we need a :microsoft-cool: emoji
Aegis is good. If you are rooted it supports migrating secrets from other authenticators (though generally, rooting Android is not needed, and bad for your security).