diff --git a/app/pages/api/auth/[...nextauth].ts b/app/pages/api/auth/[...nextauth].ts
index 20db8b0b88..ed9d6e7fb9 100644
--- a/app/pages/api/auth/[...nextauth].ts
+++ b/app/pages/api/auth/[...nextauth].ts
@@ -142,6 +142,7 @@ export default NextAuth({
 clientId: process.env.AZURE_AD_CLIENT_ID,
 clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
 tenantId: process.env.AZURE_AD_TENANT_ID,
+ profilePhotoSize: 48,
 }),
 SpotifyProvider({
 clientId: process.env.SPOTIFY_ID,
diff --git a/src/providers/azure-ad-b2c.ts b/src/providers/azure-ad-b2c.ts
index 085f3c5121..4e69baaf8a 100644
--- a/src/providers/azure-ad-b2c.ts
+++ b/src/providers/azure-ad-b2c.ts
@@ -19,7 +19,12 @@ export interface AzureB2CProfile {
 export default function AzureADB2C<
 P extends Record = AzureB2CProfile
->(options: OAuthUserConfig

& { primaryUserFlow: string }): OAuthConfig

{
+>(
+ options: OAuthUserConfig

& {
+ primaryUserFlow: string
+ tenantId: string
+ }
+): OAuthConfig

{
 const { tenantId, primaryUserFlow } = options
 return {
 id: "azure-ad-b2c",
diff --git a/src/providers/azure-ad.js b/src/providers/azure-ad.ts
similarity index 56%
rename from src/providers/azure-ad.js
rename to src/providers/azure-ad.ts
index ba0565f021..effaa7f064 100644
--- a/src/providers/azure-ad.js
+++ b/src/providers/azure-ad.ts
@@ -1,6 +1,25 @@
-/** @type {import(".").OAuthProvider} */
-export default function AzureAD(options) {
+import { OAuthConfig, OAuthUserConfig } from "./oauth"
+
+export interface AzureADProfile {
+ sub: string
+ nicname: string
+ email: string
+ picture: string
+}
+
+export default function AzureAD

= AzureADProfile>(
+ options: OAuthUserConfig

& {
+ /**
+ * https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples
+ * @default 48
+ */
+ profilePhotoSize?: 48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648
+ /** @default "common" */
+ tenantId?: string
+ }
+): OAuthConfig

{
 const tenant = options.tenantId ?? "common"
+ const profilePhotoSize = options.profilePhotoSize ?? 48
 return {
 id: "azure-ad",
@@ -15,7 +34,7 @@ export default function AzureAD(options) {
 async profile(profile, tokens) {
 // https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples
 const profilePicture = await fetch(
- "https://graph.microsoft.com/v1.0/me/photo/$value",
+ `https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,
 {
 headers: {
 Authorization: `Bearer ${tokens.access_token}`,
diff --git a/src/providers/oauth.ts b/src/providers/oauth.ts
index 43435c3b5d..f92ef61083 100644
--- a/src/providers/oauth.ts
+++ b/src/providers/oauth.ts
@@ -130,8 +130,6 @@ export interface OAuthConfig
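Review bot: The new `AzureADProfile` interface declares `nicname: string`, which looks like a misspelling of `nickname`; code typed against it would compile and then read `undefined` at runtime, so confirm the field name against the claims Azure AD actually returns. Separately, the doc comment on `tenantId` records only the default value, while `const tenant = options.tenantId ?? "common"` silently falls back to the multi-tenant endpoint. I would extend it to `/** Directory (tenant) ID. Defaults to "common", which (subject to the app registration) accepts accounts from any Azure AD tenant and personal Microsoft accounts; set it to restrict sign-in to one tenant. */`. How `tenant` is consumed lies outside this hunk, so that wording assumes it feeds the authority URL.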
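Review bot: `profilePhotoSize` is limited to the supported sizes only by its TypeScript type, so a JavaScript caller or a value parsed from configuration reaches the Graph URL on the changed `fetch` line unchecked. A runtime guard where the default is applied would keep the request path well-formed: `if (![48, 64, 96, 120, 240, 360, 432, 504, 648].includes(profilePhotoSize)) throw new TypeError("Unsupported profilePhotoSize")`. The request is sent with the user's access token and the handling of its response is outside this hunk; it is worth confirming that a non-OK response (for example a user with no photo at that size) neither fails sign-in nor ends up stored as image data. The `profile` callback's body continues past the hunk.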

extends CommonProviderOptions, PartialIssuer {
 region?: string
 // TODO: only allow for some
 issuer?: string
- // TODO: only allow for Azure Active Directory B2C and FusionAuth
- tenantId?: string
 /**
 * The options provided by the user.
 * We will perform a deep-merge of these values