diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go
index d69206ec4d87..85328806c50f 100644
--- a/selfservice/strategy/oidc/provider_microsoft.go
+++ b/selfservice/strategy/oidc/provider_microsoft.go
@@ -6,6 +6,7 @@ package oidc
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/url"
 	"strings"
 
@@ -25,6 +26,7 @@ import (
 
 type ProviderMicrosoft struct {
 	*ProviderGenericOIDC
+	JWKSUrl string
 }
 
 func NewProviderMicrosoft(
@@ -36,6 +38,7 @@ func NewProviderMicrosoft(
 			config: config,
 			reg:    reg,
 		},
+		JWKSUrl: "https://login.microsoftonline.com/common/discovery/keys",
 	}
 }
 
@@ -127,3 +130,9 @@ type microsoftUnverifiedClaims struct {
 func (c *microsoftUnverifiedClaims) Valid() error {
 	return nil
 }
+
+func (p *ProviderMicrosoft) Verify(ctx context.Context, rawIDToken string) (*Claims, error) {
+	keySet := gooidc.NewRemoteKeySet(ctx, p.JWKSUrl)
+	ctx = gooidc.ClientContext(ctx, p.reg.HTTPClient(ctx).HTTPClient)
+	return verifyToken(ctx, keySet, p.config, rawIDToken, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", p.config.Tenant))
+}
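Review bot: In the new Verify method, `gooidc.NewRemoteKeySet(ctx, p.JWKSUrl)` is constructed before `ctx = gooidc.ClientContext(...)`, and go-oidc's RemoteKeySet keeps the context it was built with for its key fetches, so the JWKS request is likely sent with the default HTTP client instead of `p.reg.HTTPClient(ctx)` (and whatever timeouts/proxying it carries); swap the two lines so `ctx = gooidc.ClientContext(ctx, p.reg.HTTPClient(ctx).HTTPClient)` comes first and then `keySet := gooidc.NewRemoteKeySet(ctx, p.JWKSUrl)`. Because a fresh key set is created on every call, each verification also performs a new outbound JWKS fetch with no caching between calls; holding the key set on the provider (or on the registry) would avoid that. The expected issuer is built from `p.config.Tenant` without a guard, so an empty tenant produces `https://login.microsoftonline.com//v2.0`, and for the `common`/`organizations`/`consumers` aliases the `iss` claim in Microsoft v2.0 tokens, as far as I recall, carries the tenant GUID rather than the alias, so the issuer comparison inside verifyToken (outside this hunk) may need to account for that. A minor style point for the struct and constructor hunks: Go's initialism convention would name the field `JWKSURL`, and a doc comment stating which endpoint it points at would help, e.g. `// JWKSUrl is the JWKS endpoint used to verify ID token signatures.`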