Error message: interaction_required: AADSTS5000225:

victor campos 0 Reputation points
2026-05-21T02:30:21.1866667+00:00

Error message: interaction_required: AADSTS5000225:

Microsoft 365 and Office | Subscription, account, billing | For business | Other

1 answer

  1. AI answer

    2026-05-21T02:30:35.23+00:00

    The error interaction_required: AADSTS5000225 indicates that:

    1. interaction_required means user interaction is needed to complete authentication. In MSAL libraries this is surfaced as an InteractionRequiredAuthError, which is thrown when the user must perform an interactive sign-in to get a token with updated claims.
    2. AADSTS5000225: This tenant has been blocked due to inactivity means the Azure AD (Microsoft Entra ID) tenant associated with the account has been blocked because it has been inactive beyond Microsoft’s inactivity threshold.

    Key points from the documented behavior:

    • When a tenant is inactive for more than 200 days past the billing cycle, it is blocked and sign-in is prevented with error AADSTS5000225.
    • After the tenant is blocked, there is a 20‑day grace period during which the tenant administrator can request reactivation.
    • If more than 20 days have passed since the block, the tenant is permanently deleted and cannot be recovered.

    Mitigation options depending on the situation:

    1. If the tenant has been blocked for less than 20 days
      • A tenant administrator must contact Microsoft support to request tenant reactivation. Administrators can use the global support phone numbers listed in Microsoft documentation.
      • Do not open multiple support requests for the same issue while an existing case is in progress.
    2. If the tenant is already deleted (blocked for more than 20 days)
      • The tenant cannot be recovered. A new tenant must be created and associated with the account if Azure services are needed again.
    3. If the account is a new/free Azure account that shows this error
      • In some reported cases, going to https://signup.azure.com in a clean browser session (incognito, with all site data cleared) and signing in with the same email allowed the user to continue setup or upgrade the free account to Pay‑As‑You‑Go, which then restored portal access.
    4. If sign-in is blocked but the browser may be causing issues
      • Sign out of all Microsoft accounts in the browser.
      • Clear all site data/cookies for Microsoft/Azure sites.
      • Try signing in again, including using tenant-specific URLs such as:
        • https://portal.azure.com/<TenantId>
        • https://portal.azure.com/<yourTenantName>.onmicrosoft.com
    5. If the goal is only to use Microsoft Authenticator or Entra ID with a different or new tenant
      • Create a new tenant (if able to sign in to https://entra.microsoft.com/ with the account) under Entra ID → Overview → Manage tenants, then use that tenant’s domain (e.g. xxx.onmicrosoft.com) when accessing the Azure portal.

    For MSAL-based applications receiving interaction_required in code:

    • For public client applications (IPublicClientApplication), call AcquireTokenInteractive so the user can sign in interactively.
    • For confidential client applications, inspect the Claims property on the exception and follow the documented claims challenge handling.

    If the tenant is truly blocked due to inactivity and within the 20‑day window, only Microsoft support can reactivate it; otherwise a new tenant is required.


    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?
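
Added example, not part of the answer above and not Microsoft's code: a Python sketch of how an application could triage a failed token result so that it does not keep prompting the user when the tenant itself is blocked. It assumes the result is the dict that MSAL for Python or the token endpoint returns (`error`, `error_description`, `error_codes`); the function name, the action labels and the sample responses are constructed for illustration.

```python
import re
from dataclasses import dataclass

TENANT_BLOCKED = 5000225  # AADSTS code quoted on this page
_AADSTS_RE = re.compile(r"AADSTS(\d+)")


@dataclass
class Verdict:
    codes: list   # AADSTS codes found in the response
    action: str   # "ok" | "tenant_blocked" | "interactive" | "fail"


def classify_token_result(result: dict) -> Verdict:
    """Decide the next step for a token result (hypothetical helper)."""
    if "access_token" in result:
        return Verdict([], "ok")
    # Prefer the numeric error_codes array; fall back to the description text.
    codes = [int(c) for c in result.get("error_codes") or []]
    if not codes:
        desc = result.get("error_description", "")
        codes = [int(m) for m in _AADSTS_RE.findall(desc)]
    if TENANT_BLOCKED in codes:
        # Another interactive prompt cannot succeed: route to the tenant
        # administrator / support path instead of retrying sign-in.
        return Verdict(codes, "tenant_blocked")
    if result.get("error") == "interaction_required":
        return Verdict(codes, "interactive")
    return Verdict(codes, "fail")


# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "blocked": {
        "error": "interaction_required",
        "error_description": "AADSTS5000225: This tenant has been blocked due to inactivity.",
        "error_codes": [5000225],
    },
    "blocked_no_codes": {
        "error": "interaction_required",
        "error_description": "AADSTS5000225: This tenant has been blocked due to inactivity.",
    },
    "mfa": {"error": "interaction_required", "error_codes": [50076]},  # MFA required
    "bad_grant": {"error": "invalid_grant", "error_description": "(constructed)"},
    "success": {"access_token": "constructed-token"},
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, classify_token_result(resp))
```

Checking for the blocked-tenant code before the generic `interaction_required` branch is what keeps the app from looping on interactive sign-in.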