diff --git a/Gordon360/Authorization/AzureAdConfig.cs b/Gordon360/Authorization/AzureAdConfig.cs
deleted file mode 100644
index 8b690ed56..000000000
--- a/Gordon360/Authorization/AzureAdConfig.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-namespace Gordon360.Authorization;
-
-public record AzureAdConfig
-{
- public string Instance { get; init; }
- public string ClientId { get; init; }
- public string TenantId { get; init; }
- public string Audience { get; init; }
-}
\ No newline at end of file
diff --git a/Gordon360/Documentation/Gordon360.xml b/Gordon360/Documentation/Gordon360.xml
index cacfbfd34..35ecf78b5 100644
--- a/Gordon360/Documentation/Gordon360.xml
+++ b/Gordon360/Documentation/Gordon360.xml
@@ -1317,6 +1317,14 @@ From account table + + + Validates a specific named options instance (or all when is ). + + The name of the options instance being validated. + The options instance. + Validation result. + Validates a specific named options instance (or all when is ).
diff --git a/Gordon360/Options/AzureAdOptions.cs b/Gordon360/Options/AzureAdOptions.cs
new file mode 100644
index 000000000..7383d08da
--- /dev/null
+++ b/Gordon360/Options/AzureAdOptions.cs
@@ -0,0 +1,22 @@
+using Microsoft.Extensions.Options;
+using System.ComponentModel.DataAnnotations;
+
+namespace Gordon360.Options;
+
+public sealed record AzureAdOptions
+{
+ public const string AzureAd = "AzureAd";
+
+ [Required]
+ public required string Instance { get; set; }
+ [Required]
+ public required string ClientId { get; set; }
+ [Required]
+ public required string TenantId { get; set; }
+ [Required]
+ public required string Audience { get; set; }
+}
+
+[OptionsValidator]
+public partial class ValidateAzureAdOptions : IValidateOptions { }
+
diff --git a/Gordon360/Options/OptionsExtensions.cs b/Gordon360/Options/OptionsExtensions.cs
index 401751e86..f289dd644 100644
--- a/Gordon360/Options/OptionsExtensions.cs
+++ b/Gordon360/Options/OptionsExtensions.cs
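Review bot: In `Gordon360/Options/AzureAdOptions.cs`, `[Required]` only proves that each value is present, so a malformed `Instance` or `TenantId` still passes `ValidateOnStart()` even though the Program.cs hunks build the authorize and token URLs from `TenantId`. A format check would catch a bad value at startup, for example `[Url]` on `Instance` and a GUID pattern via `[RegularExpression]` on `TenantId` and `ClientId`, assuming the tenant is always configured as a GUID here. The properties also changed from `init` to `set`, which leaves the validated values mutable after startup; `{ get; init; }` would keep them fixed if nothing needs to reassign them. The record and the validator class have no XML doc; a short `/// <summary>` saying that the record binds the `AzureAd` configuration section would help.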
@@ -8,6 +8,11 @@ public static class OptionsExtensions
 {
 public static IServiceCollection Add360Options(this IServiceCollection services)
 {
+ services.AddSingleton, ValidateAzureAdOptions>();
+ services.AddOptions()
+ .BindConfiguration(AzureAdOptions.AzureAd)
+ .ValidateOnStart();
+
 services.AddSingleton, ValidateBonAppetitOptions>();
 services.AddOptions()
 .BindConfiguration(BonAppetitOptions.BonAppetit)
diff --git a/Gordon360/Program.cs b/Gordon360/Program.cs
index 744ec0aa3..d1e2671a8 100644
--- a/Gordon360/Program.cs
+++ b/Gordon360/Program.cs
@@ -26,6 +26,8 @@
 {
 var builder = WebApplication.CreateBuilder(args);
+ builder.Services.Add360Options();
+
 builder.Services.AddSerilog((services, lc) => lc
 .ReadFrom.Configuration(builder.Configuration)
 .ReadFrom.Services(services)
@@ -41,7 +43,7 @@
 builder.Services.AddEndpointsApiExplorer();
- var azureConfig = builder.Configuration.GetSection("AzureAd").Get();
+ var azureOptions = builder.Configuration.GetSection("AzureAd").Get();
 builder.Services.AddSwaggerGen(c =>
 {
@@ -52,11 +54,11 @@ { AuthorizationCode = new OpenApiOAuthFlow() {
- AuthorizationUrl = new Uri($"https://login.microsoftonline.com/{azureConfig.TenantId}/oauth2/v2.0/authorize"),
- TokenUrl = new Uri($"https://login.microsoftonline.com/{azureConfig.TenantId}/oauth2/v2.0/token"),
+ AuthorizationUrl = new Uri($"https://login.microsoftonline.com/{azureOptions.TenantId}/oauth2/v2.0/authorize"),
+ TokenUrl = new Uri($"https://login.microsoftonline.com/{azureOptions.TenantId}/oauth2/v2.0/token"),
 Scopes = new Dictionary { {
- $"{azureConfig.Audience}/access_as_user",
+ $"{azureOptions.Audience}/access_as_user",
 "Access 360 as you." } }
@@ -92,7 +94,6 @@
 options.UseSqlServer(builder.Configuration.GetConnectionString("webSQL"))
 );
- builder.Services.Add360Options();
 builder.Services.Add360Services();
 builder.Services.AddHostedService();
 builder.Services.AddScoped();
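Review bot: In `Gordon360/Program.cs`, the hunk at -41,7 still binds `azureOptions` directly from `builder.Configuration.GetSection("AzureAd")`, so Swagger works from a second copy of the settings that the validator registered in `Add360Options()` never checks. `Get` returns null when the section is absent, which would surface as a `NullReferenceException` at `azureOptions.TenantId` (hunks at -52,11 and -106,8) instead of a validation message; `ValidateOnStart()` presumably only fires when the host starts, after this code has run. I would use the constant and fail explicitly: `var azureOptions = builder.Configuration.GetSection(AzureAdOptions.AzureAd).Get<AzureAdOptions>() ?? throw new InvalidOperationException("AzureAd configuration section is missing");`. The enclosing block starts and ends outside these hunks.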
@@ -106,8 +107,8 @@
 app.UseSwagger();
 app.UseSwaggerUI(c =>
 {
- c.OAuthClientId(azureConfig.ClientId);
- c.OAuthScopes($"{azureConfig.Audience}/access_as_user");
+ c.OAuthClientId(azureOptions.ClientId);
+ c.OAuthScopes($"{azureOptions.Audience}/access_as_user");
 c.OAuthUsePkce();
 });