Moving Data and Resources from an Azure Subscription linked to an Entra ID to another Azure Subscription linked to a different Entra ID

Taranjeet Malik 546 Reputation points
2023-09-14T06:12:21.3766667+00:00

Hi

Our company acquired another company. Both the entities have their own M365 suite, Entra ID and Azure subscriptions linked to their corresponding Entra ID. We are in process of consolidating this environment by creating a new M365 and Entra ID tenant. As for the Azure existing subscriptions, we're evaluating the following two approaches:

  1. Transfer the existing Azure Subscriptions from old Entra ID tenant to the new one. This is described here--> https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription
  2. Create completely new Azure subscriptions linked to the new Entra ID tenant and migrate resources / data from existing Azure subscription to the new ones. This is described here--> https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription

Have a couple of questions in this regards:

  1. Which one of the two options should be preferred and why?
  2. Reading through the article (https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription), I see the prerequisite that states this "The source and destination subscriptions must exist within the same Azure Active Directory tenant." - just wondering is this is a mandate? Can we not move resources / data across subscriptions linked to different Entra ID tenants?

Request inputs from community / share their experience with any such scenarios.

Thanks

Taranjeet Singh

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,452 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 36,841 Reputation points Microsoft Employee
    2023-09-14T23:54:53.65+00:00

    @Taranjeet Malik

    While both methods have advantages and disadvantages, I would say that the second method is overall better since it would allow you to avoid downtime. If you migrate the resources manually, one resource group at a time, you will have more overall control, prevent downtime, and be avoid potential issues. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription

    The first method is less manual though, and better if your scenario matches any of the following from Deciding whether to transfer a subscription to a different directory:

    • Because of a company merger or acquisition, you want to manage an acquired subscription in your primary Azure AD directory.
    • Someone in your organization created a subscription and you want to consolidate management to a particular Azure AD directory.
    • You have applications that depend on a particular subscription ID or URL and it isn't easy to modify the application configuration or code.
    • A portion of your business has been split into a separate company and you need to move some of your resources into a different Azure AD directory.
    • You want to manage some of your resources in a different Azure AD directory for security isolation purposes.

    As for your second question, the prerequisite you cited means that you cannot move resources/data across subscriptions linked to different Entra ID tenants. This is currently not supported. For a cross-subscription move, the data needs to exist in the same tenant within the subscription. To get around this, you would need to move resource groups from one tenant to another, export all of the data from one subscription, and import into the new one. There is a detailed discussion around this here that may be helpful to you: [https://learn.microsoft.com/en-us/answers/questions/505287/move-of-resources-between-2-different-tenants-(sub](https://learn.microsoft.com/en-us/answers/questions/505287/move-of-resources-between-2-different-tenants-(sub)

    There is also a guide here that details this process. It is not a straightforward move and much of it needs to be done manually: https://social.technet.microsoft.com/wiki/contents/articles/51360.azure-how-to-move-resources-between-subscriptions-under-different-tenants.aspx

    If the information helped address your question, please Accept the answer. This will help us and improve discoverability for others in the community who may be researching similar question.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.