Getting validation error(s) "Frontdoor application does not have read permission for the key vault" trying to migrate from classic to standard/premium

Question

Granted "Get" certificate permission in the key vault, however, still getting the same error. Not sure what is the issue here

Answer 1

@Babarske ,
Welcome to the Microsoft Q&A forum. I understand you are trying to Migrate your Classic AFD to standard/premium AFD and you are getting the error Frontdoor application does not have read permission for the key vault.

As per the Prerequisite section of the Migration documentation here can you please confirm if you have added the Microsoft.AzureFrontDoor-Cdn as an app in your Azure Active Directory and have granted Microsoft.AzureFrontDoor-Cdn access to your Key Vault?
You can follow the steps mentioned here for implementation.

Note- The Application Id of 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8 is predefined by Azure for Front Door Standard and Premium tier across all Azure tenants and subscriptions. Azure Front Door (Classic) has a different Application Id.

Hope this helps! Please let me know if the issue still exists. Thank you!

Answer 2

I'm coming back to this thread after successfully being able to finish the migration just using the portal. Under your Access policies in your Azure Key Vault, you should see Microsoft.AzureFrontDoor-Cdn listed as one of the apps, not only Microsoft.Azure.FrontDoor as your screenshot shows. If you don't, you can click on the Create button on the access policies page to add that. I hope this helps!