diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend-v2/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend-v2/README.md index 06304db4a718..eeee19e09b37 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend-v2/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend-v2/README.md @@ -41,6 +41,13 @@ azure.activedirectory.tenant-id=xxxxxx-your-tenant-id-xxxxxx # If not, the logged in user will not be able to access any authorization controller rest APIs azure.activedirectory.user-group.allowed-groups=group1, group2 ``` +The `azure-active-directory-spring-boot-starter` uses Azure AD Connect v2.0 endpoints by default. To use v1.0, please specify the following endpoints in properties. +``` +spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/common/oauth2/authorize +spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/token +spring.security.oauth2.client.provider.azure.user-info-uri=https://login.microsoftonline.com/common/openid/userinfo +spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/keys +``` ### Run with Maven diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md index c66d81568c6b..cf3216b74041 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md 
@@ -37,6 +37,14 @@ azure.activedirectory.user-group.allowed-groups=group1, group2 If `azure.activedirectory.tenant-id` is configured, `AADOAuth2LoginSecurityConfig` will take effect and this app will use AAD to authentication and authorization. If `azure.activedirectory.tenant-id` is **NOT** configured, `NoLoginSecurityConfig` will take effect and this app will **NOT** use AAD to authentication and authorization. +The `azure-active-directory-spring-boot-starter` uses Azure AD Connect v2.0 endpoints by default. To use v1.0, please specify the following endpoints in properties. +``` +spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/common/oauth2/authorize +spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/token +spring.security.oauth2.client.provider.azure.user-info-uri=https://login.microsoftonline.com/common/openid/userinfo +spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/keys +``` + ### Run with Maven ```shell # Under sdk/spring project root directory diff --git a/sdk/spring/azure-spring-boot/src/main/resources/aad-oauth2-common.properties b/sdk/spring/azure-spring-boot/src/main/resources/aad-oauth2-common.properties index ff355a06c5de..45af803a60a5 100644 --- a/sdk/spring/azure-spring-boot/src/main/resources/aad-oauth2-common.properties +++ b/sdk/spring/azure-spring-boot/src/main/resources/aad-oauth2-common.properties 
@@ -1,12 +1,13 @@
-spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/common/oauth2/authorize
-spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/token
-spring.security.oauth2.client.provider.azure.user-info-uri=https://login.microsoftonline.com/common/openid/userinfo
-spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/keys
+spring.security.oauth2.client.provider.azure.authorization-uri=\
+ https://login.microsoftonline.com/common/oauth2/v2.0/authorize
+spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
+spring.security.oauth2.client.provider.azure.user-info-uri=https://graph.microsoft.com/oidc/userinfo
+spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
 spring.security.oauth2.client.provider.azure.user-name-attribute=name
 spring.security.oauth2.client.registration.azure.client-authentication-method=post
 spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.azure.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
-spring.security.oauth2.client.registration.azure.scope=openid, https://graph.microsoft.com/user.read
+spring.security.oauth2.client.registration.azure.scope=openid, https://graph.microsoft.com/user.read, profile
 spring.security.oauth2.client.registration.azure.client-name=Azure
 spring.security.oauth2.client.registration.azure.provider=azure
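Review bot: The new provider URIs in this hunk keep the `/common/` authority while moving to the v2.0 endpoints, and on v2.0 `common` can admit accounts from any work tenant and, depending on the app registration's supported account types, personal Microsoft accounts as well. Nothing visible here pins the tenant, so unless the starter substitutes `azure.activedirectory.tenant-id` into these URIs or checks the token's `tid`/`iss` elsewhere (not shown in this diff), existing v1.0 users may get a wider sign-in audience after upgrading. v2.0 tokens also use a different issuer format and claim set than v1.0, so any issuer validation and the `user-name-attribute=name` mapping should be confirmed against v2.0 tokens. I would add a comment above the provider block, e.g. `# Azure AD v2.0 endpoints; 'common' is multi-tenant - enforce the expected tenant on the token (tid/iss)`.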