diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe4d2b8d81..6acb683b5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 ### [Caudipteryx](https://en.wikipedia.org/wiki/Caudipteryx)
 
+### Next version
+
+* Added Outlook Tenant ID field
+
 ### 1.1794 - 2021-12-22
 
 * Added logarithmic PIN failure delay of 3 seconds
diff --git a/app/src/main/assets/CHANGELOG.md b/app/src/main/assets/CHANGELOG.md
index fe4d2b8d81..6acb683b5d 100644
--- a/app/src/main/assets/CHANGELOG.md
+++ b/app/src/main/assets/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 ### [Caudipteryx](https://en.wikipedia.org/wiki/Caudipteryx)
 
+### Next version
+
+* Added Outlook Tenant ID field
+
 ### 1.1794 - 2021-12-22
 
 * Added logarithmic PIN failure delay of 3 seconds
diff --git a/app/src/main/java/eu/faircode/email/FragmentOAuth.java b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
index d0f8b6a2bb..4e10437765 100644
--- a/app/src/main/java/eu/faircode/email/FragmentOAuth.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
@@ -108,6 +108,7 @@ public class FragmentOAuth extends FragmentBase {
     private TextView tvPrivacy;
     private EditText etName;
     private EditText etEmail;
+    private EditText etTenant;
     private CheckBox cbUpdate;
     private Button btnOAuth;
     private ContentLoadingProgressBar pbOAuth;
@@ -120,6 +121,7 @@ public class FragmentOAuth extends FragmentBase {
     private Button btnSupport;
     private Button btnHelp;
 
+    private Group grpTenant;
     private Group grpError;
 
     private static final int MAILRU_TIMEOUT = 20 * 1000; // milliseconds
@@ -153,6 +155,7 @@ public class FragmentOAuth extends FragmentBase {
         tvPrivacy = view.findViewById(R.id.tvPrivacy);
         etName = view.findViewById(R.id.etName);
         etEmail = view.findViewById(R.id.etEmail);
+        etTenant = view.findViewById(R.id.etTenant);
         cbUpdate = view.findViewById(R.id.cbUpdate);
         btnOAuth = view.findViewById(R.id.btnOAuth);
         pbOAuth = view.findViewById(R.id.pbOAuth);
@@ -165,6 +168,7 @@ public class FragmentOAuth extends FragmentBase {
         btnSupport = view.findViewById(R.id.btnSupport);
         btnHelp = view.findViewById(R.id.btnHelp);
 
+        grpTenant = view.findViewById(R.id.grpTenant);
         grpError = view.findViewById(R.id.grpError);
 
         // Wire controls
@@ -208,6 +212,7 @@ public class FragmentOAuth extends FragmentBase {
         tvTitle.setText(getString(R.string.title_setup_oauth_rationale, name));
         etName.setVisibility(askAccount ? View.VISIBLE : View.GONE);
         etEmail.setVisibility(askAccount ? View.VISIBLE : View.GONE);
+        grpTenant.setVisibility(isOutlook(id) ? View.VISIBLE : View.GONE);
         pbOAuth.setVisibility(View.GONE);
         tvConfiguring.setVisibility(View.GONE);
         tvGmailHint.setVisibility("gmail".equals(id) ? View.VISIBLE : View.GONE);
@@ -215,6 +220,7 @@ public class FragmentOAuth extends FragmentBase {
 
         etName.setText(personal);
         etEmail.setText(address);
+        etTenant.setText(null);
         cbUpdate.setChecked(update);
 
         return view;
@@ -263,10 +269,12 @@ public class FragmentOAuth extends FragmentBase {
 
             etName.clearFocus();
             etEmail.clearFocus();
+            etTenant.clearFocus();
             Helper.hideKeyboard(view);
 
             etName.setEnabled(false);
             etEmail.setEnabled(false);
+            etTenant.setEnabled(false);
             cbUpdate.setEnabled(false);
             btnOAuth.setEnabled(false);
             pbOAuth.setVisibility(View.VISIBLE);
@@ -336,9 +344,19 @@ public class FragmentOAuth extends FragmentBase {
 
             AuthorizationService authService = new AuthorizationService(context, appAuthConfig);
 
+            String authorizationEndpoint = provider.oauth.authorizationEndpoint;
+            String tokenEndpoint = provider.oauth.tokenEndpoint;
+            String tenant = etTenant.getText().toString().trim();
+
+            if (TextUtils.isEmpty(tenant))
+                tenant = "common";
+
+            authorizationEndpoint = authorizationEndpoint.replace("{tenant}", tenant);
+            tokenEndpoint = tokenEndpoint.replace("{tenant}", tenant);
+
             AuthorizationServiceConfiguration serviceConfig = new AuthorizationServiceConfiguration(
-                    Uri.parse(provider.oauth.authorizationEndpoint),
-                    Uri.parse(provider.oauth.tokenEndpoint));
+                    Uri.parse(authorizationEndpoint),
+                    Uri.parse(tokenEndpoint));
 
             AuthState authState = new AuthState(serviceConfig);
             SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
@@ -384,10 +402,8 @@ public class FragmentOAuth extends FragmentBase {
                 authRequestBuilder.setPrompt("consent");
 
             // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
-            if ("office365".equals(provider.id))
+            if (isOutlook(provider.id))
                 authRequestBuilder.setPrompt("select_account");
-            if ("outlook".equals(provider.id))
-                authRequestBuilder.setPrompt("consent");
 
             AuthorizationRequest authRequest = authRequestBuilder.build();
 
@@ -413,6 +429,7 @@ public class FragmentOAuth extends FragmentBase {
         try {
             etName.setEnabled(true);
             etEmail.setEnabled(true);
+            etTenant.setEnabled(true);
             cbUpdate.setEnabled(true);
 
             AuthorizationResponse auth = AuthorizationResponse.fromIntent(data);
@@ -450,7 +467,7 @@ public class FragmentOAuth extends FragmentBase {
                     .setAdditionalParameters(Collections.<String, String>emptyMap())
                     .setNonce(auth.request.nonce);
 
-            if ("office365".equals(provider.id) || "outlook".equals(provider.id))
+            if (isOutlook(provider.id))
                 builder.setScope(TextUtils.join(" ", provider.oauth.scopes));
 
             TokenRequest request = builder.build();
@@ -921,6 +938,7 @@ public class FragmentOAuth extends FragmentBase {
     private void onHandleCancel() {
         etName.setEnabled(true);
         etEmail.setEnabled(true);
+        etTenant.setEnabled(true);
         cbUpdate.setEnabled(true);
         btnOAuth.setEnabled(true);
         pbOAuth.setVisibility(View.GONE);
@@ -942,7 +960,7 @@ public class FragmentOAuth extends FragmentBase {
         if ("gmail".equals(id))
             tvGmailDraftsHint.setVisibility(View.VISIBLE);
 
-        if ("office365".equals(id) || "outlook".equals(id)) {
+        if (isOutlook(id)) {
             if (ex instanceof AuthenticationFailedException)
                 tvOfficeAuthHint.setVisibility(View.VISIBLE);
         }
@@ -959,6 +977,7 @@ public class FragmentOAuth extends FragmentBase {
 
         etName.setEnabled(true);
         etEmail.setEnabled(true);
+        etTenant.setEnabled(true);
         cbUpdate.setEnabled(true);
         btnOAuth.setEnabled(true);
         pbOAuth.setVisibility(View.GONE);
@@ -979,4 +998,8 @@ public class FragmentOAuth extends FragmentBase {
         tvGmailDraftsHint.setVisibility(View.GONE);
         tvOfficeAuthHint.setVisibility(View.GONE);
     }
+
+    private static boolean isOutlook(String id) {
+        return ("office365".equals(id) || "outlook".equals(id));
+    }
 }
diff --git a/app/src/main/res/layout/fragment_oauth.xml b/app/src/main/res/layout/fragment_oauth.xml
index a73142d34c..3eda08c1da 100644
--- a/app/src/main/res/layout/fragment_oauth.xml
+++ b/app/src/main/res/layout/fragment_oauth.xml
@@ -67,6 +67,29 @@
             app:layout_constraintStart_toStartOf="parent"
             app:layout_constraintTop_toBottomOf="@id/etName" />
 
+        <eu.faircode.email.EditTextPlain
+            android:id="@+id/etTenant"
+            android:layout_width="0dp"
+            android:layout_height="wrap_content"
+            android:autofillHints="emailAddress"
+            android:hint="@string/title_identity_tenant"
+            android:imeOptions="actionNext"
+            android:inputType="textEmailAddress"
+            android:textAppearance="@style/TextAppearance.AppCompat.Small"
+            app:layout_constraintEnd_toEndOf="parent"
+            app:layout_constraintStart_toStartOf="parent"
+            app:layout_constraintTop_toBottomOf="@id/etEmail" />
+
+        <eu.faircode.email.FixedTextView
+            android:id="@+id/tvTenantHint"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:text="@string/title_identity_tenant_hint"
+            android:textAppearance="@style/TextAppearance.AppCompat.Small"
+            android:textStyle="italic"
+            app:layout_constraintStart_toStartOf="parent"
+            app:layout_constraintTop_toBottomOf="@id/etTenant" />
+
         <CheckBox
             android:id="@+id/cbUpdate"
             android:layout_width="wrap_content"
@@ -75,7 +98,7 @@
             android:text="@string/title_setup_oauth_update"
             android:textAppearance="@style/TextAppearance.AppCompat.Small"
             app:layout_constraintStart_toStartOf="parent"
-            app:layout_constraintTop_toBottomOf="@id/etEmail" />
+            app:layout_constraintTop_toBottomOf="@id/tvTenantHint" />
 
         <Button
             android:id="@+id/btnOAuth"
@@ -196,6 +219,12 @@
             app:layout_constraintEnd_toEndOf="parent"
             app:layout_constraintTop_toBottomOf="@id/tvOfficeAuthHint" />
 
+        <androidx.constraintlayout.widget.Group
+            android:id="@+id/grpTenant"
+            android:layout_width="0dp"
+            android:layout_height="0dp"
+            app:constraint_referenced_ids="etTenant,tvTenantHint" />
+
         <androidx.constraintlayout.widget.Group
             android:id="@+id/grpError"
             android:layout_width="0dp"
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 6b3932d40a..cbfc7399cf 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -812,6 +812,8 @@
     <string name="title_select">Select &#8230;</string>
     <string name="title_identity_name">Your name</string>
     <string name="title_identity_email">Your email address</string>
+    <string name="title_identity_tenant" translatable="false">Tenant ID</string>
+    <string name="title_identity_tenant_hint">This field should be empty in most cases</string>
     <string name="title_identity_color_hint">Identity colors take precedence over folder and account colors</string>
     <string name="title_advanced_sender">Allow editing sender address</string>
     <string name="title_advanced_sender_name">Use name when sender address has been edited</string>
diff --git a/app/src/main/res/xml/providers.xml b/app/src/main/res/xml/providers.xml
index 4056633d3d..559445f2ec 100644
--- a/app/src/main/res/xml/providers.xml
+++ b/app/src/main/res/xml/providers.xml
@@ -97,14 +97,14 @@
             starttls="true" />
         <oauth
             askAccount="true"
-            authorizationEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+            authorizationEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
             clientId="3514cf2c-e7a3-45a2-80d4-6a3c3498eca0"
             clientSecret="r=o4@SlzU:MA6MlXM6mPG[44i4gYPq[@"
             enabled="true"
             privacy="https://privacy.microsoft.com/privacystatement"
             redirectUri="https://oauth.faircode.eu/"
             scopes="profile,openid,email,offline_access,https://outlook.office.com/IMAP.AccessAsUser.All,https://outlook.office.com/SMTP.Send"
-            tokenEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/token" />
+            tokenEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" />
         <!-- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth -->
     </provider>
     <provider
@@ -125,14 +125,14 @@
             starttls="true" />
         <oauth
             askAccount="true"
-            authorizationEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+            authorizationEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
             clientId="17e57eca-a59b-4574-ac91-b343004898a6"
             clientSecret="k847Q~ZKtIBNp~ls_riKEbFDsvOQEdUA.YDNt"
             enabled="false"
             privacy="https://privacy.microsoft.com/privacystatement"
             redirectUri="https://oauth.faircode.eu/"
             scopes="openid,email,offline_access,https://outlook.office.com/IMAP.AccessAsUser.All,https://outlook.office.com/SMTP.Send"
-            tokenEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/token" />
+            tokenEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" />
         <!-- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth -->
     </provider>
     <!-- needs subscription -->
diff --git a/metadata/en-US/changelogs/1794.txt b/metadata/en-US/changelogs/1794.txt
index fe4d2b8d81..6acb683b5d 100644
--- a/metadata/en-US/changelogs/1794.txt
+++ b/metadata/en-US/changelogs/1794.txt
@@ -4,6 +4,10 @@
 
 ### [Caudipteryx](https://en.wikipedia.org/wiki/Caudipteryx)
 
+### Next version
+
+* Added Outlook Tenant ID field
+
 ### 1.1794 - 2021-12-22
 
 * Added logarithmic PIN failure delay of 3 seconds