A fully managed end-to-end service for digitally signing code, documents, and applications. (formerly Trusted Signing)
The error "interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity" means the Microsoft Entra (Azure AD) tenant backing the Azure subscription has been put into an inactive state and sign-ins are blocked.
Key points from the tenant lifecycle behavior:
- When a tenant is inactive past the allowed period, Microsoft blocks sign-in with error AADSTS5000225.
- From the moment the tenant is made inaccessible, there is a 20‑day window during which a tenant administrator can request reactivation.
- If the tenant remains inaccessible for more than 20 days, it is deleted and cannot be recovered.
Recommended actions:
- Determine whether the tenant is within the 20‑day reactivation window
  - If the tenant has been blocked for less than 20 days, it is still eligible for reactivation.
  - If it has been blocked for more than 20 days, the tenant is permanently deleted and cannot be restored.
- If within 20 days and you are (or can reach) a tenant admin:
  - The tenant administrator must contact Microsoft support to request reactivation.
  - Use the published global support phone numbers to open a support case and reference the error AADSTS5000225 and the trace/correlation IDs from the failure.
  - Do not open multiple support requests for the same tenant; wait for the decision on the first case.
- If the tenant is past 20 days of inactivity:
  - The tenant is deleted and cannot be recovered.
  - Any associated environments and data are subject to Microsoft’s data protection and retention policies.
- If access to Azure Portal is blocked but the tenant is still active:
  - Try signing in directly with the tenant identifier in the portal URL, for example:
    - https://portal.azure.com/<TenantId> or
    - https://portal.azure.com/<yourTenantName>.onmicrosoft.com
  - If still blocked and within the 20‑day window, proceed with the support contact as above.
- If the tenant cannot be reactivated:
  - Create or use another active Microsoft Entra tenant.
    - For example, sign in to https://entra.microsoft.com/, go to Entra ID → Overview → Manage tenants, and create a new tenant.
    - Then access Azure with the new tenant context (for example, https://portal.azure.com/<newTenantName>.onmicrosoft.com) and configure any required services (including artifact signing) in that tenant.
For application developers or automation that is failing with this error:
- The interaction_required wrapper indicates the app cannot silently obtain tokens because the tenant is blocked.
- Minimize authentication attempts against this tenant until it is reactivated or replaced.
- Once a new or reactivated tenant is available, update configuration (tenant ID, authority, etc.) to point to the active tenant.
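For the automation case above, the following is an added example (not part of the original answer and not Microsoft's code) of a guard that recognizes AADSTS5000225 in a failed token response, stops further attempts against that tenant, and keeps the trace/correlation IDs for the support case. It assumes the failure is available as a dict with `error_description` and optionally `error_codes`, `trace_id` and `correlation_id`; `classify_token_error`, `TenantGate` and the sample values are hypothetical names and constructed data.

```python
import re

TENANT_BLOCKED = "AADSTS5000225"  # the error code discussed on this page
_CODE = re.compile(r"\bAADSTS(\d+)\b")
_IDS = {"trace_id": re.compile(r"Trace ID:\s*([0-9a-fA-F-]{36})"),
        "correlation_id": re.compile(r"Correlation ID:\s*([0-9a-fA-F-]{36})")}

def classify_token_error(resp):
    """Inspect a failed token response (dict) for the blocked-tenant code."""
    desc = resp.get("error_description") or ""
    codes = {f"AADSTS{c}" for c in resp.get("error_codes") or []}
    codes.update(f"AADSTS{c}" for c in _CODE.findall(desc))
    info = {"tenant_blocked": TENANT_BLOCKED in codes, "codes": sorted(codes)}
    for key, rx in _IDS.items():
        m = rx.search(desc)
        # Prefer the structured field, fall back to the description text.
        info[key] = resp.get(key) or (m.group(1) if m else None)
    return info

class TenantGate:
    """Refuses further token requests for a tenant once it is seen blocked."""
    def __init__(self):
        self.blocked = {}  # tenant id -> details to quote in the support case

    def may_attempt(self, tenant_id):
        return tenant_id not in self.blocked

    def record_failure(self, tenant_id, resp):
        info = classify_token_error(resp)
        if info["tenant_blocked"]:
            self.blocked[tenant_id] = info
        return info

# Constructed sample response; the GUIDs and timestamp are placeholders.
SAMPLE = {
    "error": "interaction_required",
    "error_description": (
        "AADSTS5000225: This tenant has been blocked due to inactivity. "
        "Trace ID: 00000000-0000-0000-0000-000000000001 "
        "Correlation ID: 00000000-0000-0000-0000-000000000002 "
        "Timestamp: 2025-01-01 00:00:00Z"),
    "error_codes": [5000225],
}

if __name__ == "__main__":
    gate = TenantGate()
    tenant = "old-tenant.onmicrosoft.com"  # hypothetical tenant name
    if gate.may_attempt(tenant):
        print(gate.record_failure(tenant, SAMPLE))
    print("retry allowed:", gate.may_attempt(tenant))
```

Call `may_attempt` before each token request in a pipeline or service loop; once it returns False, the job should fail fast until the configuration points at an active tenant.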
If the tenant is confirmed deleted (blocked for more than 20 days), the only path forward is to use a different or newly created tenant and reconfigure Azure resources and artifact-signing workflows there.