diff --git a/src/core/constants.ts b/src/core/constants.ts
index 15e55f7e..d921d2fa 100644
--- a/src/core/constants.ts
+++ b/src/core/constants.ts
@@ -63,8 +63,8 @@ export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
 path: "/login/oauth/access_token",
 },
 aad: {
- host: "login.microsoft.com",
- path: "/tenantId/oauth/v2.0/token",
+ host: "login.microsoftonline.com",
+ path: "/tenantId/oauth2/v2.0/token",
 },
 };
 export const CUSTOM_AUTH_USER_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
diff --git a/src/msha/auth/routes/auth-login-provider-callback.ts b/src/msha/auth/routes/auth-login-provider-callback.ts
index 685e8065..aaa98b6b 100644
--- a/src/msha/auth/routes/auth-login-provider-callback.ts
+++ b/src/msha/auth/routes/auth-login-provider-callback.ts
@@ -150,8 +150,8 @@ const getOAuthToken = function (authProvider: string, codeValue: string, clientI
 code: codeValue,
 client_id: clientId,
 client_secret: clientSecret,
- ...(authProvider !== "github" && { grant_type: authProvider }),
- ...(authProvider !== "github" && { redirect_uri: `${redirectUri}/.auth/login/${authProvider}/callback` }),
+ grant_type: "authorization_code",
+ redirect_uri: `${redirectUri}/.auth/login/${authProvider}/callback`,
 });
 let tokenPath = CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING?.[authProvider]?.path;
diff --git a/src/msha/auth/routes/auth-login-provider-custom.ts b/src/msha/auth/routes/auth-login-provider-custom.ts
index 517af0d9..00051392 100644
--- a/src/msha/auth/routes/auth-login-provider-custom.ts
+++ b/src/msha/auth/routes/auth-login-provider-custom.ts
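Review bot: In src/core/constants.ts the `aad` token host remains a hard-coded constant, while the authorize redirect in auth-login-provider-custom.ts is built from the configured `aadIssuer`, so the authorization code and `client_secret` can be posted to a different authority than the one that issued the code. Nothing in this hunk ties the two together; consider deriving the token host from the configured issuer, or at least state the constraint in a comment above `host`, e.g. `// Receives client_secret; global Azure AD authority only, must match the configured issuer's authority.` The `tenantId` segment in `path` looks like a placeholder substituted elsewhere (not visible here), and a short comment saying so would keep it from being read as a literal path.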
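Review bot: In getOAuthToken (src/msha/auth/routes/auth-login-provider-callback.ts) the `redirect_uri` sent to the token endpoint is rebuilt from its own template, separately from the one placed in the authorize URL in auth-login-provider-custom.ts; the two must match exactly or the provider rejects the exchange, and with the `authProvider !== "github"` guard gone that now holds for GitHub too. A shared helper used by both files, e.g. `const callbackUrl = (base: string, provider: string) => base + "/.auth/login/" + provider + "/callback";`, would keep them from drifting. `authProvider` is interpolated into the URI and used as a key into `CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING`; the function starts outside the hunk, so whether it is checked against the known providers before this point cannot be confirmed from here.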
@@ -90,7 +90,7 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
 location = `https://github.com/login/oauth/authorize?response_type=code&client_id=${clientId}&redirect_uri=${redirectUri}/.auth/login/github/callback&scope=read:user&state=${hashedState}`;
 break;
 case "aad":
- location = `${aadIssuer}/authorize?response_type=code&client_id=${clientId}&redirect_uri=${redirectUri}/.auth/login/aad/callback&scope=openid&state=${hashedState}`;
+ location = `${aadIssuer}/authorize?response_type=code&client_id=${clientId}&redirect_uri=${redirectUri}/.auth/login/aad/callback&scope=openid+profile+email&state=${hashedState}`;
 break;
 default:
 break;
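Review bot: The `aad` authorize URL is still assembled by raw interpolation, so `clientId`, `redirectUri` and `hashedState` reach the query string unencoded and the new scope list depends on a hand-written `+` separator. Building the query with `new URLSearchParams({ response_type: "code", client_id: clientId, redirect_uri: callback, scope: "openid profile email", state: hashedState })`, where `callback` is the existing aad callback URL, and appending it to `${aadIssuer}/authorize?` would encode every value; this assumes the values are strings, which the hunk does not show. The added `profile` and `email` scopes widen the claims requested, so a one-line comment naming which claims the login flow actually consumes would help keep the request minimal. The github case above uses the same construction, and httpTrigger's body continues outside the hunk.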