Share via

Large blob storage migration from one Azure AD tenant to another

Nikolay Markov 20 Reputation points
2023-06-27T10:50:23.91+00:00

Hello team,

We are planning on migrating a large amount of data from one Azure AD Tenant to a new one and we are pondering what our best option is.

Here's the situation: There's a blob storage containing over 30 TB of data on the legacy subscription hosted on a production Azure AD tenant. It is also worth mentioning that the old blob storage is classic.

We need to get this data to a new subscription hosted in another Azure AD tenant as quickly and low-cost as possible.

So far we have come up with two options:

  1. We switch the subscription ownership of the entire storage account to the new subscription - as resources can only be moved between subscriptions and only subscriptions can change tenants, we will have to create a temporary subscription to hold the resource while we move it (along with the subscription) to the new tenant, and move it to its 3rd and final subscription in the new tenant. Delete the temporary subscription after.
  2. We use Az copy - copy all data while the resources referencing the blob storage are still active, then shut down the resources and perform an az copy sync to copy only changes. This migration is definitely going to take longer and I am told that will also incur charges for the traffic that is being generated.

Considering both of the above options we are inclined into using option 1 but I wanted to double verify if this is even viable and not implying any bugs/issues/concerns that we need to take care of.
Thanks for your answers.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,199 questions
0 comments
Accepted answer
  1. Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator
    2023-06-27T11:11:46.7266667+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    You are correct, the best option is to move your subscription, you must consider the following

    all role assignments and custom roles in Azure role-based access control (Azure RBAC) are permanently deleted from the source directory and are not transferred to the target directory. Transferring an Azure subscription to a different Azure AD directory is a complex process that must be carefully planned and executed. Many Azure services require security principals (identities) to operate normally or even manage other Azure resources. This article tries to cover most of the Azure services that depend heavily on security principals, but is not comprehensive.

    Transfer subscription diagram

    More info https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription

    Hope this helps!

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.