Graphene is NOT a jailbroken/rooted OS, its a real secure unrooted, bootloader locked OS, and MS Authenticotor works just fine. If anything does not work its related to dependency of the App maker on a certain attestation google play services grapheneos.org/articles/attestation-compatibility-guide
Root =/= insecure. You probably have administrator access on your home computer operating system, and can very likely do online banking via the web browser with no issues. A secure API is possible regardless of the host metal, operating system, or user permissions.
Do you refer to app-accessible root or user root access? The former is absolutely inherently insecure and compromises the security model of Android/GOS.
Root on computers is insecure. Malware can steal secrets from other applications. We're just used to it, but the Android security model is much better.
Bingo!
Compliance =!= Security
This does not play a role - even if you lock your bootloader Play Integrity Checks still fails, and that means you can't use certain apps, MDM and overall restricts your usage. Thank Google for that.