diff --git a/apps/sim/lib/oauth/microsoft.test.ts b/apps/sim/lib/oauth/microsoft.test.ts
index a3eaf4d9c6..e4bbf1f138 100644
--- a/apps/sim/lib/oauth/microsoft.test.ts
+++ b/apps/sim/lib/oauth/microsoft.test.ts
@@ -54,10 +54,20 @@ describe('deriveMicrosoftEmailVerified', () => {
 expect(deriveMicrosoftEmailVerified({ email_verified: 'true' }, EMAIL)).toBe(true)
 })
 
- it('treats a malformed verified-email claim as unverified', () => {
+ it('treats malformed (non-array) verified-email claims as unverified without throwing', () => {
 expect(deriveMicrosoftEmailVerified({ verified_primary_email: 'not-an-array' }, EMAIL)).toBe(
 false
 )
+ expect(deriveMicrosoftEmailVerified({ verified_primary_email: 123 }, EMAIL)).toBe(false)
+ expect(deriveMicrosoftEmailVerified({ verified_secondary_email: { foo: 'bar' } }, EMAIL)).toBe(
+ false
+ )
+ expect(deriveMicrosoftEmailVerified({ verified_primary_email: null }, EMAIL)).toBe(false)
+ })
+
+ it('does not treat a string claim equal to the email as verified (guards the old unsafe cast)', () => {
+ expect(deriveMicrosoftEmailVerified({ verified_primary_email: EMAIL }, EMAIL)).toBe(false)
+ expect(deriveMicrosoftEmailVerified({ verified_secondary_email: EMAIL }, EMAIL)).toBe(false)
 })
 })
 
diff --git a/apps/sim/lib/oauth/microsoft.ts b/apps/sim/lib/oauth/microsoft.ts
index 2ecf050e62..1e9be406f2 100644
--- a/apps/sim/lib/oauth/microsoft.ts
+++ b/apps/sim/lib/oauth/microsoft.ts
@@ -36,7 +36,10 @@ export function deriveMicrosoftEmailVerified(
 if (claims.email_verified !== undefined) {
 return Boolean(claims.email_verified)
 }
- const verifiedPrimaryEmail = claims.verified_primary_email as string[] | undefined
- const verifiedSecondaryEmail = claims.verified_secondary_email as string[] | undefined
- return Boolean(verifiedPrimaryEmail?.includes(email) || verifiedSecondaryEmail?.includes(email))
+ const { verified_primary_email: verifiedPrimary, verified_secondary_email: verifiedSecondary } =
+ claims
+ return (
+ (Array.isArray(verifiedPrimary) && verifiedPrimary.includes(email)) ||
+ (Array.isArray(verifiedSecondary) && verifiedSecondary.includes(email))
+ )
 }
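Review bot: The unchanged early return `return Boolean(claims.email_verified)` still coerces any non-empty string to true, so a claim of `'false'` or `'0'` would be reported as a verified email; the test file's context line shows that string values such as `'true'` do reach this function. Since the result presumably gates how much the Microsoft-supplied address is trusted, this branch should accept only the explicit true forms, e.g. `return claims.email_verified === true || claims.email_verified === 'true'`, with a matching test asserting that `'false'` yields false. The function body starts above this hunk, so confirm that no earlier normalisation already handles this before changing it.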