diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 9a983d7ac3..50b06d19f6 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,7 @@
 {
-  "image": "mcr.microsoft.com/devcontainers/typescript-node",
   "features": {
-    "ghcr.io/devcontainer-community/devcontainer-features/bun.sh:1": {}
-  }
+    "ghcr.io/devcontainer-community/devcontainer-features/bun.sh:1": {},
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
+  },
+  "image": "mcr.microsoft.com/devcontainers/typescript-node"
 }
diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx
index f7a3169c50..34c0b1a66a 100644
--- a/docs/self-hosting/environment-variables/auth.mdx
+++ b/docs/self-hosting/environment-variables/auth.mdx
@@ -205,6 +205,13 @@ LobeChat provides a complete authentication service capability when deployed. Th
 
 ### Microsoft Entra ID
 
+#### `AUTH_MICROSOFT_ENTRA_ID_BASE_URL`
+
+- Type: Required
+- Description: - Description: Base URL for Azure login. Use when authenticating against other Microsoft sovereignty clouds like Azure US Government.
+- Default: `https://login.microsoftonline.com`
+- Example: `https://login.microsoftonline.us`
+
 #### `AUTH_AZURE_AD_ID`
 
 - Type: Required
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
index 3a3c4c72b3..8edd140270 100644
--- a/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
@@ -8,6 +8,10 @@ function getTenantId() {
   );
 }
 
+function getClientLoginBaseUrl() {
+  return process.env.AUTH_MICROSOFT_ENTRA_ID_BASE_URL ?? 'https://login.microsoftonline.com';
+}
+
 function getIssuer() {
   const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
   if (issuer) {
@@ -16,7 +20,7 @@ function getIssuer() {
   const tenantId = getTenantId();
   if (tenantId) {
     // refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
-    return `https://login.microsoftonline.com/${tenantId}/v2.0`;
+    return `${getClientLoginBaseUrl()}/${tenantId}/v2.0`;
   } else {
     return undefined;
   }