Azure Subscription disabled due to suspecious activity

To re-enable a subscription that was disabled due to suspicious or potentially non-compliant activity, direct action is required from Microsoft support; there is no self-service reactivation path documented for this scenario.

While waiting for the support case to be handled, the following points from related subscription-disable scenarios are relevant:

1. If the subscription was disabled for another reason (credit, billing, inactivity), the resolution paths are:
   • Expired or exhausted credit (Free, Students, or other credit-based offers): the subscription must be upgraded to a pay-as-you-go offer, typically by contacting Azure support or following the upgrade flow. For example:
     • Free Trial: Upgrade your subscription.
     • Azure for Students: contact Azure support to upgrade to pay-as-you-go.
   • Past-due bill or credit card issues: pay the outstanding balance or change the payment method; reactivation can take up to 24 hours after payment.
   • Canceled subscription: if the subscription was manually canceled and is of a supported type (for example, pay-as-you-go), it can be reactivated in the Azure portal under Subscriptions → select subscription → Reactivate.
   • Blocked due to long-term inactivity: a support request is required to unblock; if deleted after the notification window, it cannot be restored and a new subscription must be created.
2. After any reactivation:
   • There can be a delay (up to about 30 minutes, and in some billing cases up to 24 hours) before resources can be created or managed again.
   • Most resources resume automatically, but it is recommended to verify all critical resources and manually restart them if needed.
3. If there is any indication the subscription was compromised (for example, suspicious activity that triggered Azure’s protection mechanisms):
   • Review Microsoft Entra sign-in logs and the Azure Activity Log for unusual sign-ins or resource changes.
   • Identify and remove any compromised or unauthorized resources and evict any threat actors using the documented Microsoft security guidance.
   • Continue to work with Azure support to ensure the subscription is secured and then re-enabled.

Given that a support case is already open, the only documented next step is to wait for the Azure support team to review and resolve the issue. If the portal allows, ensure the case is filed under the correct subscription and problem type (billing vs. technical vs. security) so it routes to the right team. For subscriptions blocked or deleted due to inactivity or policy, only Microsoft support can unblock or confirm whether a new subscription is required.

References:

• Reactivate a disabled Azure subscription
• Why is my Azure for Students subscription disabled and how do I reactivate it?
• Avoid unused subscriptions
• Detect and respond to security alerts
• How to engage with Microsoft Operations
• URGENT: Production Website Down - Non-Profit Grant ($2,000) Not Applied / Subscription Disabled - Microsoft Q&A
• “My Azure subAzure Subscription shows invoice paid but remains disabled; portal not allowing reactivation or ticket generation.” - Microsoft Q&A
• 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
• Can't find the subscription - Microsoft Q&A
• Can I speak to someone? -- Billing issues - Microsoft Q&A