diff --git a/Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs b/Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs
index 324346be3..f9e2774ac 100644
--- a/Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs
+++ b/Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs
@@ -46,7 +46,14 @@ public IEnumerable GetValidIssuersForTenant(string? tenantId)
 var validIssuers = new List();
 if (!string.IsNullOrEmpty(tenantId))
 {
+ // Cloud-specific login endpoint issuer (e.g. https://login.microsoftonline.com/{tenantId}/).
+ // Note: this is the tenant-prefixed login endpoint form, not the AAD v2.0
+ // issuer (which ends in `/v2.0`).
 validIssuers.Add($"{LoginEndpoint}/{tenantId}/");
+ // Azure AD v1 issuer (sts.windows.net) — some valid Microsoft Entra tokens
+ // are still issued with the v1 issuer format.
+ // See https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
+ validIssuers.Add($"https://sts.windows.net/{tenantId}/");
 }
 else
 {
diff --git a/Tests/Microsoft.Teams.Plugins.AspNetCore.Tests/Extensions/TeamsValidationSettingsTests.cs b/Tests/Microsoft.Teams.Plugins.AspNetCore.Tests/Extensions/TeamsValidationSettingsTests.cs
index 49658400d..65ba296ce 100644
--- a/Tests/Microsoft.Teams.Plugins.AspNetCore.Tests/Extensions/TeamsValidationSettingsTests.cs
+++ b/Tests/Microsoft.Teams.Plugins.AspNetCore.Tests/Extensions/TeamsValidationSettingsTests.cs
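Review bot: The v1 issuer added by the second `validIssuers.Add` is hard-coded to `https://sts.windows.net/`, while the line just above derives its host from `LoginEndpoint`, so the cloud-environment selection that governs the first issuer does not apply to the second. If the v1 STS host differs per cloud (I believe the China cloud issues v1 tokens from a different STS host; this should be confirmed against the Entra docs), a deployment configured for that cloud will reject its own v1 tokens while listing a public-cloud issuer it never expects, and the test hunk in TeamsValidationSettingsTests.cs pins the public host for the `.us` cloud as well. I would derive the host the same way as `LoginEndpoint` (a per-cloud property, say `StsEndpoint`) and write `validIssuers.Add($"{StsEndpoint}/{tenantId}/");`, or at minimum restrict the addition to the public cloud and say so in the comment. The enclosing `GetValidIssuersForTenant` continues past the hunk, so the `else` branch is not visible here.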
@@ -80,8 +80,22 @@ public void GetValidIssuersForTenant_UsesCloudLoginEndpoint()
 var issuers = settings.GetValidIssuersForTenant("my-tenant").ToList();
- Assert.Single(issuers);
- Assert.Equal("https://login.microsoftonline.us/my-tenant/", issuers[0]);
+ Assert.Equal(2, issuers.Count);
+ Assert.Contains("https://login.microsoftonline.us/my-tenant/", issuers);
+ Assert.Contains("https://sts.windows.net/my-tenant/", issuers);
+ }
+
+ [Fact]
+ public void GetValidIssuersForTenant_IncludesV1StsIssuer()
+ {
+ var settings = new TeamsValidationSettings(CloudEnvironment.Public);
+
+ var issuers = settings.GetValidIssuersForTenant("my-tenant").ToList();
+
+ // Some valid Microsoft Entra tokens are still issued with the AAD v1
+ // issuer (sts.windows.net) instead of the v2 login.microsoftonline.com issuer.
+ Assert.Contains("https://login.microsoftonline.com/my-tenant/", issuers);
+ Assert.Contains("https://sts.windows.net/my-tenant/", issuers);
 }
 [Fact]
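Review bot: `GetValidIssuersForTenant_IncludesV1StsIssuer` asserts only `Assert.Contains` for the two expected issuers and never checks the list length, so an unintended extra issuer would still pass it, whereas the sibling `UsesCloudLoginEndpoint` test in the same hunk keeps `Assert.Equal(2, issuers.Count);`. Adding that same count assertion before the two `Assert.Contains` lines makes the public-cloud case as strict as the US-cloud one. The two tests otherwise repeat the same body for different clouds; a `[Theory]` with `[InlineData]` over the `CloudEnvironment` value and the expected login host would cover both without duplication.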