![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 93%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
The error AADSTS5000225: This tenant has been blocked due to inactivity means the Microsoft Entra/Azure AD tenant behind the Azure subscription has been marked inactive and blocked. Resolution depends on how long it has been inactive and what access is still available.
- Determine whether the tenant can still be reactivated
- Tenants blocked due to inactivity can be reactivated only within 20 days of entering the inactive state. After 20 days, the tenant is deleted and not recoverable.
- This behavior and timeline are described in the “Tenant inaccessible due to inactivity” guidance.
- If the tenant has been inactive less than 20 days
- A tenant administrator must contact Microsoft support to request reactivation:
- Use the published global support phone numbers to reach Microsoft support.
- Open a support case and provide tenant details (tenant ID, domain name, subscription info, and error message
AADSTS5000225). - Do not submit multiple requests for the same issue; wait for the decision on the existing case.
- A tenant administrator must contact Microsoft support to request reactivation:
- If the tenant has been inactive more than 20 days
- The tenant is deleted and cannot be restored.
- In this case, the only path forward is to work with a new tenant:
- Sign in to the Microsoft Entra admin center (
https://entra.microsoft.com/) if possible. - Go to Entra ID → Overview → Manage tenants and create a new tenant.
- Use the new tenant’s domain name or tenant ID in the Azure portal URL, for example:
-
https://portal.azure.com/<TenantId> - or
https://portal.azure.com/<yourTenantName>.onmicrosoft.com
-
- From the new tenant, configure new subscriptions and resources as needed.
- Sign in to the Microsoft Entra admin center (
- Additional practical workarounds seen in similar cases
- If the account was created as a free Azure account and is blocked immediately when going to
portal.azure.com, some users have:- Opened a clean browser session (e.g., Chrome incognito with all data cleared).
- Gone to
https://signup.azure.comand signed in with the same email. - Completed the flow to upgrade the existing free account to a pay‑as‑you‑go offer (often still with no charges if nothing is used), which restored access.
- If the account was created as a free Azure account and is blocked immediately when going to
- If still locked out or unclear which tenant is affected
- If there is only one global admin and that admin is locked out or cannot see the tenant, a support ticket is required so Microsoft’s internal Data Protection/Escalation team can investigate and assist.
- Use the appropriate Microsoft support channel for Azure/Entra ID and provide the exact error
AADSTS5000225and any tenant identifiers available.
References:
- Tenant inaccessible due to inactivity
- 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
- Error message: interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A