Yes, it is possible to migrate a private endpoint and private DNS zone from one tenant to a different tenant through subscription migration, but it requires careful planning and coordination between the tenants.
Here are the general steps you would need to follow:
- Create a new subscription in the target tenant, if it doesn't exist already.
- Export the private endpoint configuration and private DNS zone settings from the source subscription using Azure Resource Manager (ARM) templates or Azure PowerShell.
- Modify the exported configuration to replace references to resources in the source subscription with corresponding resources in the target subscription. This includes updating the Resource Group, Subscription ID, and Tenant ID.
- Import the modified configuration into the target subscription using ARM templates or Azure PowerShell.
- Test the private endpoint and private DNS zone to ensure that they are working correctly in the target subscription.
Note that there are several limitations and considerations to keep in mind when migrating private endpoints and private DNS zones across tenants, such as:
- The private endpoint and private DNS zone must be in the same region as the resources they are connecting to.
- The target subscription must have access to the virtual network and resource group where the private endpoint and private DNS zone are located.
- The target subscription must have the necessary permissions to access the resources being connected to via the private endpoint.
- If the private endpoint and private DNS zone are being used by other resources in the source subscription, those resources will need to be updated to use the new private endpoint and private DNS zone in the target subscription.
It is also important to involve all stakeholders in the migration process, including network administrators and application owners, to ensure a smooth and successful migration.
I hope this answer will be helpful :-)
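
The "modify the exported configuration" step above, sketched in PowerShell as an added example (not code from the answer or from Microsoft): it rewrites one mapped resource group scope in an exported template, then lists every line that still references the source subscription or tenant, so that a stale cross-tenant resource ID is caught before deployment. All IDs, names and the inline template are constructed placeholders, and the function names are hypothetical. The sample deliberately includes a linked resource in a second resource group that the mapping does not cover.

```powershell
# Added example. Every ID and name below is a constructed placeholder.
$Source = @{ SubscriptionId = '11111111-1111-1111-1111-111111111111'
             TenantId       = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
             ResourceGroup  = 'rg-src-network' }
$Target = @{ SubscriptionId = '22222222-2222-2222-2222-222222222222'
             TenantId       = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
             ResourceGroup  = 'rg-dst-network' }
# Constructed stand-in for a template file written by Export-AzResourceGroup.
$template = @'
{ "resources": [ {
  "type": "Microsoft.Network/privateEndpoints",
  "name": "pe-sql",
  "properties": {
    "subnet": { "id": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-src-network/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/pe" },
    "privateLinkServiceConnections": [ { "name": "sql", "properties": {
      "privateLinkServiceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-src-data/providers/Microsoft.Sql/servers/sql1" } } ]
  } } ] }
'@

function Convert-TemplateScope {
    param([string]$Json, [hashtable]$From, [hashtable]$To)
    # Rewrite only the mapped scope; -replace is case-insensitive, like Azure resource IDs.
    $old = [regex]::Escape("/subscriptions/$($From.SubscriptionId)/resourceGroups/$($From.ResourceGroup)/")
    $new = "/subscriptions/$($To.SubscriptionId)/resourceGroups/$($To.ResourceGroup)/"
    ($Json -replace $old, $new) -replace [regex]::Escape($From.TenantId), $To.TenantId
}

function Find-SourceReference {
    param([string]$Json, [hashtable]$From)
    # Any surviving source subscription or tenant ID is a reference that needs manual review.
    $pattern = [regex]::Escape($From.SubscriptionId) + '|' + [regex]::Escape($From.TenantId)
    $n = 0
    foreach ($line in ($Json -split '\r?\n')) {
        $n++
        if ($line -match $pattern) { [pscustomobject]@{ Line = $n; Text = $line.Trim() } }
    }
}

$rewritten = Convert-TemplateScope -Json $template -From $Source -To $Target
$null = $rewritten | ConvertFrom-Json          # fails loudly if the rewrite broke the JSON
$leftovers = @(Find-SourceReference -Json $rewritten -From $Source)
if ($leftovers.Count -gt 0) {
    Write-Warning "$($leftovers.Count) line(s) still reference the source subscription or tenant"
    $leftovers | Format-List
} else {
    # Only a clean template is saved for a dry run in the target subscription, for example:
    # New-AzResourceGroupDeployment -ResourceGroupName $Target.ResourceGroup -TemplateFile .\rewritten.json -WhatIf
    $rewritten | Set-Content -Path .\rewritten.json -Encoding utf8
}
```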