![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 78%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
The error means the old tenant tied to the account has been blocked and is no longer usable. A new tenant must be created and then used to access Azure.
Use the following approach:
- Confirm the old tenant is not recoverable
- Tenants blocked due to inactivity can only be reactivated within 20 days of entering the inactive state. After 20 days, they are deleted and can’t be recovered.
- Since the tenant has been unused for years, it is effectively gone and a new tenant is required.
- Sign in to Entra and create a new tenant
- Go to https://entra.microsoft.com/ and sign in with the same Microsoft account that has the Azure subscription/credit card.
- In Microsoft Entra ID → Overview, select Manage tenants.
- Choose Create (or Create a new tenant) and complete the wizard to create a new Microsoft Entra tenant (directory). Note the new tenant’s domain name (for example,
newtenantname.onmicrosoft.com).
- Access the new tenant directly in Azure portal
- After the new tenant is created, open the Azure portal using the tenant-specific URL format:
-
https://portal.azure.com/<yourTenantName>.onmicrosoft.com
-
- Sign in with the same account; the portal should now open in the context of the new tenant.
- After the new tenant is created, open the Azure portal using the tenant-specific URL format:
- Link the new tenant to the subscription (if needed)
- If the Azure portal shows a Troubleshoot banner or indicates there is no active subscription linked to the directory, follow the banner’s instructions to link the tenant to an active subscription.
- If there are multiple subscriptions, ensure the correct subscription is associated with the new tenant.
- If still blocked from all tenants
- Sign out of all Microsoft accounts in the browser.
- Clear all site data/cookies for Microsoft/Azure sites.
- Open a private/incognito browser window and repeat steps 2–4.
- If a tenant must be reactivated (only if within 20 days)
- If a different tenant was blocked less than 20 days ago and needs to be recovered, a tenant administrator must contact Microsoft using the global support phone numbers listed in the documentation. For tenants blocked longer than 20 days, only creating a new tenant is possible.
Once the new tenant is created and accessible in the Azure portal, Azure resources can be created under that tenant and its linked subscription.
References:
- Tenant inaccessible due to inactivity
- Create or link to an existing Microsoft Entra B2C tenant in the Azure portal
- Review tenant creation permission in Azure Active Directory B2C
- Restrict access to a tenant
- 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A