diff --git a/src/libs/next-auth/sso-providers/azure-ad.ts b/src/libs/next-auth/sso-providers/azure-ad.ts
index 04e5e2a87cfe..43b8d62c0de2 100644
--- a/src/libs/next-auth/sso-providers/azure-ad.ts
+++ b/src/libs/next-auth/sso-providers/azure-ad.ts
@@ -2,6 +2,7 @@ import AzureAD from 'next-auth/providers/azure-ad';
 import { authEnv } from '@/config/auth';
+import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
 import { CommonProviderConfig } from './sso.config';
 const provider = {
@@ -14,8 +15,7 @@ const provider = {
 // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
 clientId: authEnv.AZURE_AD_CLIENT_ID ?? process.env.AUTH_AZURE_AD_ID,
 clientSecret: authEnv.AZURE_AD_CLIENT_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
- // @ts-ignore
- tenantId: authEnv.AZURE_AD_TENANT_ID ?? process.env.AUTH_AZURE_AD_TENANT_ID,
+ issuer: getMicrosoftEntraIdIssuer(),
 // Remove end
 // TODO(NextAuth): map unique user id to `providerAccountId` field
 // profile(profile) {
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
new file mode 100644
index 000000000000..2d569016cf41
--- /dev/null
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
@@ -0,0 +1,25 @@
+import { authEnv } from '@/config/auth';
+
+function getTenantId() {
+ return (
+ process.env.MICROSOFT_ENTRA_ID_TENANT_ID ??
+ process.env.AUTH_AZURE_AD_TENANT_ID ??
+ authEnv.AZURE_AD_TENANT_ID
+ );
+}
+
+function getIssuer() {
+ const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
+ if (issuer) {
+ return issuer;
+ }
+ const tenantId = getTenantId();
+ if (tenantId) {
+ // refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
+ return `https://login.microsoftonline.com/${tenantId}/v2.0`;
+ } else {
+ return undefined;
+ }
+}
+
+export { getIssuer as getMicrosoftEntraIdIssuer, getTenantId as getMicrosoftEntraIdTenantId };
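Review bot: The tenant lookup precedence silently flips at `issuer: getMicrosoftEntraIdIssuer()`: the removed line read `authEnv.AZURE_AD_TENANT_ID` before `process.env.AUTH_AZURE_AD_TENANT_ID`, whereas the helper consults `AUTH_AZURE_AD_TENANT_ID` first and `authEnv.AZURE_AD_TENANT_ID` last, so a deployment that has both set to different tenants will authenticate users against a different tenant after this commit. If the new order is intended, say so in the migration comment, e.g. `// TODO(NextAuth ENVs Migration): AUTH_AZURE_AD_TENANT_ID now wins over AZURE_AD_TENANT_ID — remove once migration ends`; otherwise reorder the helper to preserve the old precedence. The `// @ts-ignore` disappears together with `tenantId`, which suggests `tenantId` was never part of this provider's option type and `issuer` is the supported knob; a one-line comment saying so would stop someone reintroducing it. The `provider` object begins and ends outside this hunk.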
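Review bot: `getIssuer()` returns `undefined` when `MICROSOFT_ENTRA_ID_ISSUER` and all three tenant variables are unset, and nothing warns about it; the provider then falls back to its own default issuer, which for these Microsoft providers is presumably the multi-tenant `common` endpoint, so a deployment that merely forgot the tenant variable would accept sign-in from any Microsoft tenant. I would document that branch, e.g. `// No issuer or tenant configured: the provider default applies (multi-tenant "common" unless overridden) — set MICROSOFT_ENTRA_ID_TENANT_ID for single-tenant apps.`, and consider a `console.warn` there so the misconfiguration is visible at startup rather than at the first foreign-tenant login. The `tenantId` is interpolated into the issuer URL unchecked; it is operator-supplied so this is not an injection risk, but a simple `/^[\w.-]+$/` test would turn a typo into a startup failure instead of a confusing OIDC discovery error later. The `if (issuer)` truthiness check treats an empty `MICROSOFT_ENTRA_ID_ISSUER` as unset, which differs from the `??` chain in `getTenantId()`; fine if intentional, but worth a comment.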
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
index 7b5a158e6fd9..7ba821a7574b 100644
--- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -1,5 +1,6 @@
 import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
+import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
 import { CommonProviderConfig } from './sso.config';
 const provider = {
@@ -9,6 +10,9 @@ const provider = {
 // Specify auth scope, at least include 'openid email'
 // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
 authorization: { params: { scope: 'openid email profile' } },
+ clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_AZURE_AD_ID,
+ clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
+ issuer: getMicrosoftEntraIdIssuer(),
 }),
 };
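Review bot: The environment variable naming is inconsistent between the three added lines and the helper they call: `clientId`/`clientSecret` read `AUTH_MICROSOFT_ENTRA_ID_ID`/`AUTH_MICROSOFT_ENTRA_ID_SECRET`, but the issuer and tenant come from `MICROSOFT_ENTRA_ID_ISSUER`/`MICROSOFT_ENTRA_ID_TENANT_ID` without the `AUTH_` prefix, and there is no `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` fallback at all, so an operator who follows the `AUTH_<PROVIDER>_*` pattern for the tenant silently lands on the provider default. Whatever the intended names are, a comment listing them next to these lines would prevent that, e.g. `// Env: AUTH_MICROSOFT_ENTRA_ID_ID/_SECRET, plus MICROSOFT_ENTRA_ID_TENANT_ID or MICROSOFT_ENTRA_ID_ISSUER (AUTH_AZURE_AD_* accepted during migration)`. Also `issuer: getMicrosoftEntraIdIssuer()` passes an explicit `issuer: undefined` when nothing is configured; depending on how this next-auth version merges provider options, that may replace the provider's default issuer instead of falling through to it, so either verify that or spread it conditionally: `const issuer = getMicrosoftEntraIdIssuer();` and `...(issuer ? { issuer } : {})`. The `MicrosoftEntraID({...})` call and the `provider` object start outside this hunk.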