diff --git a/docs/security.rst b/docs/security.rst
index 5c4a40e63..72bd960b9 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -318,16 +318,17 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
             "remote_app": {
                 "client_id": "AZURE_APPLICATION_ID",
                 "client_secret": "AZURE_SECRET",
-                "api_base_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2",
+                "api_base_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0",
                 "client_kwargs": {
-                    "scope": "User.read name preferred_username email profile upn",
+                    "scope": "email profile openid",
                     "resource": "AZURE_APPLICATION_ID",
                     # Optionally enforce signature JWT verification
                     "verify_signature": False
                 },
                 "request_token_url": None,
-                "access_token_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/token",
-                "authorize_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/authorize",
+                "access_token_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0/token",
+                "authorize_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0/authorize",
+                "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
             },
         },
         {
diff --git a/examples/oauth/config.py b/examples/oauth/config.py
index 87ea00602..3c7008525 100644
--- a/examples/oauth/config.py
+++ b/examples/oauth/config.py
@@ -72,18 +72,19 @@
         "remote_app": {
             "client_id": os.environ.get("AZURE_APPLICATION_ID"),
             "client_secret": os.environ.get("AZURE_SECRET"),
-            "api_base_url": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/oauth2",
+            "api_base_url": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/oauth2/v2.0",
             "client_kwargs": {
-                "scope": "User.read name preferred_username email profile upn",
+                "scope": "email profile openid",
                 "resource": os.environ.get("AZURE_APPLICATION_ID"),
             },
             "request_token_url": None,
             "access_token_url": f"https://login.microsoftonline.com/"
             f"{os.environ.get('AZURE_TENANT_ID')}/"
-            "oauth2/token",
+            "oauth2/v2.0/token",
             "authorize_url": f"https://login.microsoftonline.com/"
             f"{os.environ.get('AZURE_TENANT_ID')}/"
-            f"oauth2/authorize",
+            f"oauth2/v2.0/authorize",
+            "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
         },
     },
     {