![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 94%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
The error interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity indicates that the Microsoft Entra tenant is in an inactive, blocked state due to lifecycle policies and can no longer be used for sign-in until reactivated (if still within the allowed window).
Key points from the tenant lifecycle behavior:
- When a tenant is inactive for an extended period, Microsoft blocks sign-ins to that tenant and returns AADSTS5000225.
- Administrators can request reactivation only within 20 days after the tenant becomes inaccessible due to inactivity.
- If the tenant remains in this blocked state for more than 20 days, it is permanently deleted and cannot be recovered.
To proceed, depending on the situation:
- If administrator access to the tenant exists and the block started less than 20 days ago:
- The tenant administrator must contact Microsoft support to request tenant reactivation. Use the global support phone numbers listed in the documentation. While the case is in progress, no additional support requests should be opened for the same issue.
- If the tenant has been blocked for more than 20 days:
- The tenant has been or will be deleted and is not recoverable. In this case, a new tenant must be created to continue using Microsoft Entra ID and Azure services.
- If sign-in is needed only to continue working in Azure (for example, training or lab work) and the original tenant cannot be reactivated:
- Create or use another tenant (for example, via the Microsoft Entra admin center’s Manage tenants → Create), then sign in to Azure using the new tenant’s domain name in the portal URL (for example,
https://portal.azure.com/<yourTenantName>.onmicrosoft.com) as described in the referenced Q&A. From that tenant, normal Azure/Entra operations can continue.
- Create or use another tenant (for example, via the Microsoft Entra admin center’s Manage tenants → Create), then sign in to Azure using the new tenant’s domain name in the portal URL (for example,
- For application owners or developers whose apps are still sending sign-in requests to the blocked tenant:
- Minimize authentication requests to the deactivated tenant until it is reactivated or replaced.
If the tenant is still within the 20‑day reactivation window and access to a billing/support-eligible subscription exists, contacting Microsoft support promptly is required to restore access.
References:
- Tenant inaccessible due to inactivity
- Error message: interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A
- 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A