diff --git a/Gemfile b/Gemfile
index 66ca052dada0d3eb703db5e80c65d10b31773669..ec5de1fdd491fe9389dfab7c5fe230d4114cf6d7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,8 @@ gem 'doorkeeper', '~> 5.5.0.rc2'
 gem 'doorkeeper-openid_connect', '~> 1.7.5'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'
-gem 'omniauth-azure-oauth2', '~> 0.0.9'
+gem 'omniauth-azure-activedirectory-v2', '~> 0.1'
+gem 'omniauth-azure-oauth2', '~> 0.0.9' # Deprecated v1 version
 gem 'omniauth-cas3', '~> 1.1.4'
 gem 'omniauth-facebook', '~> 4.0.0'
 gem 'omniauth-github', '~> 1.4'
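Review bot: The constraint `'~> 0.1'` on the new `omniauth-azure-activedirectory-v2` line accepts any release from 0.1 up to, but not including, 1.0. That is wide for a pre-1.0 gem that sits in the sign-in path. Gemfile.lock resolves it to 0.1.1 today, but a later `bundle update` could pull in a 0.x minor with changed claim or uid handling without anyone reviewing it. Consider pinning to the patch series, `gem 'omniauth-azure-activedirectory-v2', '~> 0.1.1'`, and bumping it deliberately. The trailing comment on the v1 gem could also say what replaces it, e.g. `# Deprecated v1 endpoint; use omniauth-azure-activedirectory-v2`.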
diff --git a/Gemfile.lock b/Gemfile.lock
index 3962fe270733082e28299fd56fe219ffe884e355..3df61d25fc17d133f7bb809ff26605951f8fa61c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -776,6 +776,8 @@ GEM
     omniauth-authentiq (0.3.3)
       jwt (>= 1.5)
       omniauth-oauth2 (>= 1.5)
+    omniauth-azure-activedirectory-v2 (0.1.1)
+      omniauth-oauth2
     omniauth-azure-oauth2 (0.0.10)
       jwt (>= 1.0, < 3.0)
       omniauth (~> 1.0)
@@ -1448,6 +1450,7 @@ DEPENDENCIES
   omniauth-atlassian-oauth2 (~> 0.2.0)
   omniauth-auth0 (~> 2.0.0)
   omniauth-authentiq (~> 0.3.3)
+  omniauth-azure-activedirectory-v2 (~> 0.1)
   omniauth-azure-oauth2 (~> 0.0.9)
   omniauth-cas3 (~> 1.1.4)
   omniauth-facebook (~> 4.0.0)
diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb
index 24c1d224c894aaae91feb60265f8df673c6bfcf4..ad995a6ce68191e83d79f010926d1c53d17dbda2 100644
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -1,7 +1,20 @@
 # frozen_string_literal: true
 
 module AuthHelper
-  PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq salesforce atlassian_oauth2 openid_connect).freeze
+  PROVIDERS_WITH_ICONS = %w(
+    atlassian_oauth2
+    authentiq
+    azure_activedirectory_v2
+    azure_oauth2
+    bitbucket
+    facebook
+    github
+    gitlab
+    google_oauth2
+    openid_connect
+    salesforce
+    twitter
+  ).freeze
   LDAP_PROVIDER = /\Aldap/.freeze
 
   def ldap_enabled?
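Review bot: `azure_activedirectory_v2` is added to `PROVIDERS_WITH_ICONS`, but no icon asset for that name appears anywhere in this diff. If the button image is looked up by provider name (the lookup code is outside this hunk, so this is an assumption), the sign-in page would reference a missing image rather than the Microsoft icon the new docs promise. Binary files may simply be omitted from this view, so please confirm the asset ships with the change. A short comment above the constant would also help, e.g. `# Each entry needs a matching icon asset; keep the list alphabetised.` The module body continues past the end of the hunk.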
diff --git a/changelogs/unreleased/sh-azure-ad-v2-omniauth.yml b/changelogs/unreleased/sh-azure-ad-v2-omniauth.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cb11aa9792077f367683685e2b5506985aa2912c
--- /dev/null
+++ b/changelogs/unreleased/sh-azure-ad-v2-omniauth.yml
@@ -0,0 +1,5 @@
+---
+title: Add Azure ActiveDirectory v2 OmniAuth provider
+merge_request: 54265
+author:
+type: added
diff --git a/doc/integration/azure.md b/doc/integration/azure.md
index c83ef650f5470cc495ddc02a103cda07d310a227..19133fd45031e56fdb801534a788a6f933f07189 100644
--- a/doc/integration/azure.md
+++ b/doc/integration/azure.md
@@ -9,6 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 NOTE:
 Per Microsoft, this provider uses the [older Azure Active Directory v1.0 endpoint](https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code).
 Microsoft documentation suggests that you should use the [OpenID Connect protocol to use the v2 endpoints](../administration/auth/oidc.md#microsoft-azure) for new projects.
+To use v2 endpoints via OmniAuth, please follow [Microsoft Azure OAuth2 OmniAuth Provider v2 instructions](#microsoft-azure-oauth2-omniauth-provider-v2).
 
 To enable the Microsoft Azure OAuth2 OmniAuth provider, you must register your application with Azure. Azure generates a client ID and secret key for you to use.
 
@@ -94,3 +95,106 @@ sign in and authorize the GitLab application. If successful, you are returned to
 
 Read [Enable OmniAuth for an Existing User](omniauth.md#enable-omniauth-for-an-existing-user)
 for information on how existing GitLab users can connect to their newly-available Azure AD accounts.
+
+## Microsoft Azure OAuth2 OmniAuth Provider v2
+
+In order to use v2 endpoints provided by Microsoft Azure Active Directory you must to configure it via Azure OAuth2 OmniAuth Provider v2.
+
+### Registering an Azure application
+
+To enable the Microsoft Azure OAuth2 OmniAuth provider, you must register your application with Azure. Azure generates a client ID and secret key for you to use.
+
+Sign in to the [Azure Portal](https://portal.azure.com), and follow the instructions in
+the [Microsoft Quickstart documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).
+
+As you go through the Microsoft procedure, keep the following in mind:
+
+- If you have multiple instances of Azure Active Directory, you can switch to the desired tenant.
+- You're setting up a Web application.
+- The redirect URI requires the URL of the Azure OAuth callback of your GitLab
+  installation. For example, `https://gitlab.example.com/users/auth/azure_oauth2/callback`.
+  The type dropdown should be set to **Web**.
+- The `client ID` and `client secret` are terms associated with OAuth 2. In some Microsoft documentation,
+  the terms may be listed as `Application ID` and `Application Secret`.
+- If you need to generate a new client secret, follow the Microsoft documentation
+  for [creating a new application secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret).
+- Save the client ID and client secret for your new app, as the client secret is only
+  displayed one time.
+
+### Adding API permissions (scopes)
+
+Once you have created an application, follow the [Microsoft Quickstart documentation to expose a web API](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis). Be sure to add the following delegated permissions under the Microsoft Graph API:
+
+- `email`
+- `openid`
+- `profile`
+
+### Configuring GitLab
+
+1. On your GitLab server, open the configuration file.
+
+   For Omnibus GitLab:
+
+   ```shell
+   sudo editor /etc/gitlab/gitlab.rb
+   ```
+
+   For installations from source:
+
+   ```shell
+   cd /home/git/gitlab
+
+   sudo -u git -H editor config/gitlab.yml
+   ```
+
+1. Refer to [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration)
+   for initial settings.
+
+1. Add the provider configuration:
+
+   For Omnibus GitLab:
+
+   ```ruby
+   gitlab_rails['omniauth_providers'] = [
+     {
+       "name" => "azure_activedirectory_v2",
+       "args" => {
+         "client_id" => "CLIENT ID",
+         "client_secret" => "CLIENT SECRET",
+         "tenant_id" => "TENANT ID",
+       }
+     }
+   ]
+   ```
+
+   For installations from source:
+
+   ```yaml
+   - { name: 'azure_activedirectory_v2',
+     args: { client_id: "CLIENT ID",
+     client_secret: "CLIENT SECRET",
+     tenant_id: "TENANT ID" } }
+   ```
+
+   The `base_azure_url` is optional and can be added for different locales;
+   such as `base_azure_url: "https://login.microsoftonline.de"`.
+
+   The `scope` parameter is optional and can be added to `args`. Default `scope` is: `openid profile email`.
+
+1. Replace `CLIENT ID`, `CLIENT SECRET`, and `TENANT ID` with the values you got above.
+
+1. Save the configuration file.
+
+1. Reconfigure or restart GitLab, depending on your installation method:
+
+   - *If you installed from Omnibus GitLab,*
+     [reconfigure](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab.
+   - *If you installed from source,*
+     [restart GitLab](../administration/restart_gitlab.md#installations-from-source).
+
+On the sign-in page, you should now see a Microsoft icon below the regular sign-in form.
+Select the icon to begin the authentication process. Microsoft then asks you to
+sign in and authorize the GitLab application. If successful, you are returned to GitLab and signed in.
+
+Read [Enable OmniAuth for an Existing User](omniauth.md#enable-omniauth-for-an-existing-user)
+for information on how existing GitLab users can connect to their newly available Azure AD accounts.
diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb
index 57ff3fcd1f0036037646ed9bb09479094f6d5145..ab6ac815601cc79afa7f063aa3e5cae087a64237 100644
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -5,11 +5,12 @@ module Auth
     module OAuth
       class Provider
         LABELS = {
-          "github"            => "GitHub",
-          "gitlab"            => "GitLab.com",
-          "google_oauth2"     => "Google",
-          "azure_oauth2"      => "Azure AD",
-          'atlassian_oauth2'  => 'Atlassian'
+          "github"                   => "GitHub",
+          "gitlab"                   => "GitLab.com",
+          "google_oauth2"            => "Google",
+          "azure_oauth2"             => "Azure AD",
+          "azure_activedirectory_v2" => "Azure AD v2",
+          'atlassian_oauth2'         => 'Atlassian'
         }.freeze
 
         def self.authentication(user, provider)
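Review bot: The new `"azure_activedirectory_v2"` key in `LABELS` is the provider name administrators must use, but the v2 section added to doc/integration/azure.md in this commit still gives `https://gitlab.example.com/users/auth/azure_oauth2/callback` as the redirect URI example. For the v2 provider the callback path presumably ends in `azure_activedirectory_v2/callback`. A redirect URI registered in Azure for the v1 path would make the v2 sign-in fail, or push admins towards registering both paths. The example should read `https://gitlab.example.com/users/auth/azure_activedirectory_v2/callback`. Separately, the `"azure_oauth2"` entry could carry a `# deprecated v1 endpoint` comment to match the Gemfile. The class body continues outside the hunk.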