diff --git a/apps/web/utils/auth.ts b/apps/web/utils/auth.ts
index 1cd7e69376..f5f1d24d60 100644
--- a/apps/web/utils/auth.ts
+++ b/apps/web/utils/auth.ts
@@ -105,6 +105,7 @@ export const getAuthOptions: () => NextAuthConfig = () => ({
       clientId: env.MICROSOFT_CLIENT_ID,
       clientSecret: env.MICROSOFT_CLIENT_SECRET,
       allowDangerousEmailAccountLinking: true,
+      checks: ["pkce"],
       authorization: {
         url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
         params: {
diff --git a/apps/web/utils/outlook/scopes.ts b/apps/web/utils/outlook/scopes.ts
index 1b9c9cef39..2a074bae40 100644
--- a/apps/web/utils/outlook/scopes.ts
+++ b/apps/web/utils/outlook/scopes.ts
@@ -8,11 +8,11 @@ export const SCOPES = [
   "email",
   "User.Read",
   "offline_access", // Required for refresh tokens
-  "Mail.ReadWrite", // Read and write access to mailbox
+  /* "Mail.ReadWrite", // Read and write access to mailbox
   "Mail.Send", // Send emails
   "Mail.ReadBasic", // Read basic mail properties
   "Mail.Read", // Read mail in all mailboxes
   "Mail.Read.Shared", // Read mail in shared mailboxes
   "MailboxSettings.ReadWrite", // Read and write mailbox settings
-  ...(env.NEXT_PUBLIC_CONTACTS_ENABLED ? ["Contacts.ReadWrite"] : []),
+  ...(env.NEXT_PUBLIC_CONTACTS_ENABLED ? ["Contacts.ReadWrite"] : []), */
 ] as const;