diff --git a/authentik/sources/oauth/tests/test_type_azure_ad.py b/authentik/sources/oauth/tests/test_type_azure_ad.py
index ff9b078f9..2f1e1731e 100644
--- a/authentik/sources/oauth/tests/test_type_azure_ad.py
+++ b/authentik/sources/oauth/tests/test_type_azure_ad.py
@@ -44,3 +44,7 @@ class TestTypeAzureAD(TestCase):
         self.assertEqual(ak_context["username"], AAD_USER["userPrincipalName"])
         self.assertEqual(ak_context["email"], AAD_USER["mail"])
         self.assertEqual(ak_context["name"], AAD_USER["displayName"])
+
+    def test_user_id(self):
+        """Test azure AD user ID"""
+        self.assertEqual(AzureADOAuthCallback().get_user_id(AAD_USER), AAD_USER["id"])
diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py
index 3ed0496a6..80c92141b 100644
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@@ -25,6 +25,11 @@ class AzureADOAuthCallback(OpenIDConnectOAuth2Callback):
 
     client_class = UserprofileHeaderAuthClient
 
+    def get_user_id(self, info: dict[str, str]) -> str:
+        # Default try to get `id` for the Graph API endpoint
+        # fallback to OpenID logic in case the profile URL was changed
+        return info.get("id", super().get_user_id(info))
+
     def get_user_enroll_context(
         self,
         info: dict[str, Any],