![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 32%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
The error interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity means the Microsoft Entra ID (Azure AD) tenant behind the business account used for billing has been marked inactive and blocked.
Key points from the tenant lifecycle and billing behavior:
- When a billing account and its tenant are unused for a prolonged period (no usage, no sign-ins, no support tickets for at least 12 months), Microsoft classifies the billing account as inactive and starts an inactivity lifecycle.
- After notification and a further inactivity period, the billing account and tenant can be blocked, which prevents sign-in and management actions such as editing payment methods.
- For tenants specifically, when they are blocked due to inactivity, sign-ins fail with error
AADSTS5000225. This is expected behavior for an inaccessible tenant. - Administrators have a limited window (20 days from when the tenant becomes inaccessible) to request reactivation. After 20 days in this blocked state, the tenant is deleted and cannot be recovered.
What needs to happen to resolve this:
- If the tenant has been blocked for less than 20 days:
- A tenant administrator must contact Microsoft support to request reactivation:
- For Microsoft 365 business billing accounts purchased directly from Microsoft, use the standard support channel described in the billing article.
- Follow the guidance under “Administrators” for an inaccessible tenant: contact Microsoft using the global support phone numbers and open a support case to reactivate the tenant.
- While the case is in progress, no additional assistance requests for the same issue should be submitted.
- Once Microsoft reactivates the tenant, sign-in should work again and payment card details can then be edited.
- A tenant administrator must contact Microsoft support to request reactivation:
- If the tenant has been blocked for more than 20 days:
- The tenant is deleted and is not recoverable.
- Any associated billing account and subscriptions may already be in suspension or termination stages, with data and resources permanently deleted.
- In this situation, editing the existing payment card for that tenant is no longer possible; a new tenant and subscriptions would be required.
- Relationship to billing account status:
- When a billing account is blocked due to inactivity, actions such as adding or changing subscriptions are prevented.
- If no action is taken after blocking, the lifecycle can progress to subscription suspension, tenant deauthorization, and account termination, with permanent data deletion.
Practical next step:
- Identify the administrator for the affected Microsoft 365 business tenant and have that admin contact Microsoft support immediately to request tenant reactivation and billing account unblocking, ensuring this is done within 20 days of the tenant becoming inaccessible.
References: