Getting "AADSTS5000225: This tenant has been blocked due to inactivity"? Microsoft locked your Azure AD tenant after 200+ days of billing inactivity. You have 20 days to recover access before the tenant is permanently deleted.

What Causes AADSTS5000225

Microsoft blocks Azure AD tenants after:

- 200+ days of billing inactivity (no paid services, no active subscriptions)

- No user sign-ins during that period

- No admin activity in the portal

Timeline:

- Day 200: Tenant flagged for deletion

- Email warnings sent to global admin

- If no action: Tenant blocked with AADSTS5000225

- 20 days later: Tenant and all data permanently deleted

The Fix

Contact Microsoft support to request tenant reactivation.

Step 1: Verify Recovery Window

Check if you're within the 20-day recovery window. If the tenant was blocked more than 20 days ago, it's already deleted and can't be recovered.

Step 2: Contact Microsoft Support

You can't sign in to create a support ticket, so use one of these methods:

Option A: Call Microsoft Support

- US: 1-800-Microsoft (1-800-642-7676)

- Say "Azure billing" when prompted

Option B: Create a Free Azure Account

1. Go to Azure Portal

2. Sign in with a different email (not the blocked tenant)

3. Create a free Azure account

4. Go to Help + Support > New support request

5. Select:

- Issue type: Billing

- Problem: Account management

- Description: "Tenant [yourtenant.onmicrosoft.com] blocked with AADSTS5000225. Need reactivation."

Option C: Microsoft Q&A Forums

Post in Microsoft Q&A - Azure Active Directory with your tenant domain and error code. Microsoft engineers monitor this forum.

Step 3: Provide Verification

Microsoft will ask for proof of ownership:

- Tenant domain (yourcompany.onmicrosoft.com)

- Global admin email address

- Original subscription ID

- Proof of ownership:

- Email confirmation from tenant creation

- Receipt from paid Azure services

- Domain verification records

Step 4: Prevent Future Blocking

After reactivation:

# Sign in immediately
Connect-AzAccount

# Check subscription status
Get-AzSubscription

# Add a paid service to keep tenant active
# Even a $5/month App Service prevents blocking

To prevent future blocking:

1. Add a paid service:

- Azure App Service Basic (~$13/month)

- Azure Storage (~$0.50/month)

- Microsoft 365 E1 license (~$8/month)

2. Set calendar reminder to sign in every 90 days if keeping the tenant for lab/testing

3. Add a secondary global admin with different email for backup access

Export Data Before Deletion

If you don't need the tenant but want to save data:

# Export users
Connect-MsolService
Get-MsolUser -All | Export-Csv C:\Temp\users.csv -NoTypeInformation

# Export groups
Get-MsolGroup -All | Export-Csv C:\Temp\groups.csv -NoTypeInformation

# Export app registrations
Connect-AzureAD
Get-AzureADApplication | Export-Csv C:\Temp\apps.csv -NoTypeInformation

You must regain access before the 20-day window expires. After deletion, all data is gone.

Prevention

For lab/certification tenants, use a Microsoft 365 developer subscription. It's free for 90 days and auto-renews if you're actively using it.

For dormant business tenants, add a cheap paid service to prevent auto-deletion.

Check the global admin email regularly. Microsoft sends warnings before blocking tenants.

Need hands-on help? Contact RainCity Techworks.