diff --git a/docs/source/tutorials/provider-specific-setup/providers/azuread.md b/docs/source/tutorials/provider-specific-setup/providers/azuread.md
index f3520bfe..7df9217e 100644
--- a/docs/source/tutorials/provider-specific-setup/providers/azuread.md
+++ b/docs/source/tutorials/provider-specific-setup/providers/azuread.md
@@ -42,7 +42,7 @@ c.JupyterHub.authenticator_class = "azuread"
 # {...} other settings (see above)
 
 c.AzureAdOAuthenticator.manage_groups = True
-c.AzureAdOAuthenticator.auth_state_groups_key = 'user.groups'
+c.AzureAdOAuthenticator.auth_state_groups_key = "user.groups"  # this is the default
 ```
 
 This requires Azure AD to be configured to include the group-membership in the access token.
diff --git a/oauthenticator/azuread.py b/oauthenticator/azuread.py
index ffdb14bc..dec2c2b9 100644
--- a/oauthenticator/azuread.py
+++ b/oauthenticator/azuread.py
@@ -34,7 +34,7 @@ def _username_claim_default(self):
 
     @default('auth_state_groups_key')
     def _auth_state_groups_key_default(self):
-        key = ""
+        key = "user.groups"
         if self.user_groups_claim:
             key = f"{self.user_auth_state_key}.{self.user_groups_claim}"
             cls = self.__class__.__name__
diff --git a/oauthenticator/tests/test_azuread.py b/oauthenticator/tests/test_azuread.py
index eaae2c39..77a7c217 100644
--- a/oauthenticator/tests/test_azuread.py
+++ b/oauthenticator/tests/test_azuread.py
@@ -117,12 +117,12 @@ def user_model(tenant_id, client_id, name):
             True,
             None,
         ),
-        # test user_groups_claim
+        # test user_groups_claim (deprecated)
         (
             "30",
             {
                 "allow_all": True,
-                "auth_state_groups_key": "user.groups",
+                "user_groups_claim": "groups",
                 "manage_groups": True,
             },
             True,
@@ -133,7 +133,7 @@ def user_model(tenant_id, client_id, name):
             {
                 "allow_all": True,
                 "manage_groups": True,
-                "auth_state_groups_key": "user.grp",
+                "user_groups_claim": "grp",
             },
             True,
             None,
@@ -143,7 +143,6 @@ def user_model(tenant_id, client_id, name):
             "40",
             {
                 "allowed_groups": {"group1"},
-                "auth_state_groups_key": "user.groups",
                 "manage_groups": True,
             },
             True,
@@ -153,7 +152,6 @@ def user_model(tenant_id, client_id, name):
             "41",
             {
                 "allowed_groups": {"test-user-not-in-group"},
-                "auth_state_groups_key": "user.groups",
                 "manage_groups": True,
             },
             False,
@@ -163,7 +161,6 @@ def user_model(tenant_id, client_id, name):
             "42",
             {
                 "admin_groups": {"group1"},
-                "auth_state_groups_key": "user.groups",
                 "manage_groups": True,
             },
             True,
@@ -173,7 +170,6 @@ def user_model(tenant_id, client_id, name):
             "43",
             {
                 "admin_groups": {"test-user-not-in-group"},
-                "auth_state_groups_key": "user.groups",
                 "manage_groups": True,
             },
             False,