The error indicates that the Microsoft Entra tenant is blocked due to inactivity and is now in the “inactive” stage of the tenant lifecycle. The interaction_required code is the generic OAuth2/MSAL signal that user interaction is required; the specific sub-error AADSTS5000225 means the tenant itself is blocked and sign-ins are no longer allowed.
Key points from the error:
- interaction_required: User interaction is required; a simple silent token request cannot succeed.
- AADSTS5000225 ("This tenant has been blocked due to inactivity."): The tenant has been marked inactive because it hasn’t been used for an extended period.
Behavior of inactive tenants:
- When a tenant is inactive for more than a defined period (for example, over 200 days past the billing cycle in some scenarios), Microsoft’s systems block sign-in (AADSTS5000225).
- After 20 days in this blocked state, the tenant is permanently deleted and cannot be recovered.
Resolution options depend on how long the tenant has been blocked and what type of account/offer is in use:
- If the tenant has been blocked for less than 20 days
  - Tenant administrators can request reactivation. This must be done before the 20‑day window expires; otherwise, the tenant is permanently deleted.
  - The documented path is to contact Microsoft support as a tenant admin and request tenant reactivation. For commercial tenants, this is done via a support ticket or global support phone numbers.
- If the tenant has been blocked for more than 20 days
  - The tenant is permanently deleted and cannot be restored.
  - A new tenant must be created and used instead.
- For free/trial Azure accounts that show AADSTS5000225
  - In some reported cases, going back through the signup flow at https://signup.azure.com with the same account allowed the user to “upgrade” or complete the account setup and regain access to Azure resources associated with the free trial.
  - If that path is not available or fails, tenant reactivation via Microsoft support (within the 20‑day window) is required.
- If access to Azure Portal is blocked
  - It may be possible to sign in directly to a specific tenant using a URL that includes the tenant ID or tenant name, for example https://portal.azure.com/<TenantId> or https://portal.azure.com/<yourTenantName>.onmicrosoft.com. This can sometimes allow access to open a support request or manage tenants, depending on the state of the tenant and the account’s role.
  - If the tenant is already in the permanently deleted state, these URLs will not restore access; a new tenant must be used.
- If the goal is only to continue using Azure (not to recover the old tenant)
  - Sign in to the Microsoft Entra admin center (https://entra.microsoft.com), go to Entra ID → Overview → Manage tenants, and create a new tenant.
  - Then access Azure Portal using the new tenant’s domain name or tenant ID in the URL (for example, https://portal.azure.com/<newTenantName>.onmicrosoft.com) and use that tenant going forward.
Because the error explicitly states that the tenant is blocked due to inactivity, the next concrete step is:
- Determine when the tenant was blocked.
- If within 20 days: contact Microsoft support as a tenant admin and request reactivation.
- If beyond 20 days: plan to use or create a new tenant and migrate any external dependencies (for example, sign-in to training, labs, or apps) to that new tenant.
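The triage described in the answer above, as an added Python example that is not part of the original answer or of any Microsoft SDK: it pulls the AADSTS code out of a token error body so that AADSTS5000225 is not handled like an ordinary interaction_required prompt, then applies the 20-day window. The function names, the action labels, the sample body and the choice to treat day 20 itself as expired are assumptions.

```python
import re
from datetime import date, timedelta
from typing import Optional, Tuple

# Figures from the answer above: AADSTS5000225 means the tenant is blocked,
# and the tenant is permanently deleted after 20 days in that state.
TENANT_BLOCKED_CODE = 5000225
REACTIVATION_WINDOW_DAYS = 20
AADSTS_RE = re.compile(r"AADSTS(\d+)")

# Constructed sample in the shape of a token-endpoint error body.
SAMPLE = {
    "error": "interaction_required",
    "error_description": "AADSTS5000225: This tenant has been blocked due to inactivity.",
    "error_codes": [5000225],
}


def aadsts_codes(token_error: dict) -> list:
    """Collect AADSTS codes from the numeric array and from the description text."""
    codes = [int(c) for c in token_error.get("error_codes", [])]
    for match in AADSTS_RE.findall(token_error.get("error_description", "")):
        if int(match) not in codes:
            codes.append(int(match))
    return codes


def triage(token_error: dict, blocked_on: Optional[date] = None,
           today: Optional[date] = None) -> Tuple[str, Optional[date]]:
    """Return (action, reactivation deadline or None) for one error body."""
    if TENANT_BLOCKED_CODE in aadsts_codes(token_error):
        if blocked_on is None:
            return ("determine_block_date", None)
        today = today or date.today()
        # Assumption: exactly 20 days blocked is treated as already expired.
        if (today - blocked_on).days < REACTIVATION_WINDOW_DAYS:
            deadline = blocked_on + timedelta(days=REACTIVATION_WINDOW_DAYS)
            return ("request_reactivation", deadline)
        return ("create_new_tenant", None)
    if token_error.get("error") == "interaction_required":
        # Any other sub-error: an interactive sign-in may resolve it.
        return ("prompt_user", None)
    return ("unhandled", None)


if __name__ == "__main__":
    print(triage(SAMPLE, blocked_on=date(2024, 1, 1), today=date(2024, 1, 10)))
```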