![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 69%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
The error AADSTS5000225 indicates that the Microsoft Entra tenant is blocked due to inactivity.
Based on the documented behavior, when a tenant is marked inactive, sign-in attempts fail with this error. Administrators have up to 20 days from when the tenant becomes inaccessible to request reactivation. After 20 days in this state, the tenant is permanently deleted and cannot be recovered.
To proceed:
- Determine whether the tenant has been inactive (blocked) for less than 20 days. If it has been longer than 20 days, the tenant is deleted and cannot be restored.
- If within 20 days, the tenant administrator must contact Microsoft support to request tenant reactivation. Use the global support phone numbers listed in the documentation and open a support case; do not submit multiple requests while one is in progress.
- While the tenant is blocked, app registrations and Microsoft Graph API access in that tenant cannot be used. After Microsoft reactivates the tenant, app registrations will again be able to obtain tokens and access protected resources.
If the tenant ends up being unrecoverable (blocked for more than 20 days and deleted), a new tenant must be created and new app registrations configured there for Microsoft Graph API access.
References:
- Tenant inaccessible due to inactivity
- Error message: interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A
- 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A