diff --git a/content/docs/identity-providers/azure.mdx b/content/docs/identity-providers/azure.mdx
index c49cf99bd..cee5e2556 100644
--- a/content/docs/identity-providers/azure.mdx
+++ b/content/docs/identity-providers/azure.mdx
@@ -90,6 +90,12 @@ You will use the [**Group ID**](https://docs.microsoft.com/en-us/graph/api/group
 
 :::
 
+:::note
+
+We recommend using the v2.0 access token format, which you can request by setting the application manifest [`accessTokenAcceptedVersion`](https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#accesstokenacceptedversion-attribute) attribute to `2`. If you use Terraform to configure your Entra application, set [`requested_access_token_version = 2`](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application.html#requested_access_token_version-1) in your `azuread_application`.
+
+:::
+
 1. From the **App registrations** page, select **API permissions**:
 
    - Select **+ Add a permission**, then **Microsoft Graph API**