Shifting my OAuth application from one Microsoft Azure account to another.

M Integry 0 Reputation points
2023-03-16T09:58:21.18+00:00

Hello,

I am reaching out to request assistance with shifting my OAuth application from one Microsoft Azure account to another.

I currently have an OAuth application configured on my existing Azure account, but I would like to transfer it to a different Azure account. Can you please guide me through the necessary steps to accomplish this?

I appreciate your help in advance and look forward to hearing back from you soon.

Thank you.


1 answer

  1. Alfredo Revilla (MSFT) 17,246 Reputation points Microsoft Employee
    2023-03-22T06:19:36.9733333+00:00

    Hello @M Integry, there's no out-of-the-box feature that helps you move an Azure AD application to a new tenant. You can however copy it using tools such as the Microsoft Graph API or the Microsoft Graph PowerShell SDK.

    Depending on your application settings, the process may not be straightforward. Some properties, like appId, should not be copied, others like identifierUris or web should be added later. Ids assigned to app roles or scopes may be persisted provided the original application is removed. References to principals should also be excluded since they won't be available in the destination tenant.

    # Read the source application (a read-only scope is enough for this step)
    Connect-MgGraph -Scopes "Application.Read.All" -TenantId <source tenant id>
    $Application = Get-MgApplication -Filter "appId eq '<app id>'"
    
    # Create the copy in the destination tenant; appId is assigned there and is not copied
    Connect-MgGraph -Scopes "Application.ReadWrite.All" -TenantId <destination tenant id>
    $NewApplication = New-MgApplication -Api $Application.Api -AppRoles $Application.AppRoles # etc
    Update-MgApplication -ApplicationId $NewApplication.Id -Web $Application.Web # etc
    New-MgServicePrincipal -AppId $NewApplication.AppId
    
    # Optional: delete the source application (deleting requires the write scope)
    Connect-MgGraph -Scopes "Application.ReadWrite.All" -TenantId <source tenant id>
    Remove-MgApplication -ApplicationId $Application.Id
    

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing similar issues can more easily find a solution.
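An added example, not part of the answer above, that scripts the copy the answer describes with the Microsoft Graph PowerShell SDK: it leaves out appId and the source-tenant client references, applies web and identifierUris after creation, and keeps only API permissions whose resource exists in the destination tenant. The parameter names ($SourceTenantId, $DestinationTenantId, $AppId) are the script's own assumptions.

```powershell
# Added example, not the answer's own script: copy an app registration between
# tenants with the Microsoft Graph PowerShell SDK. Parameter names are assumptions.
param(
    [Parameter(Mandatory)] [string]$SourceTenantId,
    [Parameter(Mandatory)] [string]$DestinationTenantId,
    [Parameter(Mandatory)] [string]$AppId          # appId of the registration to copy
)

# 1. Read the source registration; a read-only scope is enough for this step.
Connect-MgGraph -Scopes "Application.Read.All" -TenantId $SourceTenantId
$src = Get-MgApplication -Filter "appId eq '$AppId'"
if (-not $src) { throw "appId $AppId not found in tenant $SourceTenantId" }

# 2. Copy only tenant-independent settings. appId is assigned by the destination
#    tenant; preAuthorizedApplications and knownClientApplications name client
#    appIds that exist only in the source tenant, so they are left out.
$api = @{
    RequestedAccessTokenVersion = $src.Api.RequestedAccessTokenVersion
    Oauth2PermissionScopes      = $src.Api.Oauth2PermissionScopes  # ids kept: source app is retired afterwards
}

# 3. Create the copy in the destination tenant.
Connect-MgGraph -Scopes "Application.ReadWrite.All" -TenantId $DestinationTenantId
$new = New-MgApplication -DisplayName $src.DisplayName -SignInAudience $src.SignInAudience `
    -Api $api -AppRoles $src.AppRoles -OptionalClaims $src.OptionalClaims

# 4. Keep only API permissions whose resource has a service principal in the
#    destination tenant; a permission on an unknown resource is rejected.
$access = @($src.RequiredResourceAccess | Where-Object {
    Get-MgServicePrincipal -Filter "appId eq '$($_.ResourceAppId)'" })

# 5. web, spa, publicClient and permissions are applied after creation.
Update-MgApplication -ApplicationId $new.Id -Web $src.Web -Spa $src.Spa `
    -PublicClient $src.PublicClient -RequiredResourceAccess $access

# 6. identifierUris last: the default api://<appId> form is rebuilt around the
#    new appId; any other URI needs a domain verified in the destination tenant.
$uris = @($src.IdentifierUris | ForEach-Object { $_ -replace $src.AppId, $new.AppId })
try   { Update-MgApplication -ApplicationId $new.Id -IdentifierUris $uris }
catch { Write-Warning "identifierUris not applied (unverified domain?): $_" }

# 7. A service principal is needed before the app can be consented to or signed into.
New-MgServicePrincipal -AppId $new.AppId | Out-Null

Write-Host "Copied '$($src.DisplayName)': appId $($src.AppId) -> $($new.AppId)"
Write-Host "Client secrets and certificates are never copied; issue new ones in the destination tenant."
```

Clients must be reconfigured with the new appId and fresh credentials, and any admin consent granted in the source tenant has to be granted again in the destination tenant.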