How to migrate an Individual resource or a Subscription to new tenant in Azure. Does it also move all the data from different services like CosmosDB, SQL and Storage accounts? Do we need to create new subscr in new tenant or it will create subscr

Question

Hi team.

We are planning to move our subscriptions and its resources from one tenant to another Microsoft tenant. We have a following query related to same and it would be good if you can guide is in the right direction.

1. Can we move individual resources from one subscription to another subscription from different tenant? If yes, how can we do that? Is there any documentation for the same?
2. If we can't move individual resources and recreate resources in new tenant, what are the best way to move data from old tenant to new tenant?

Are there any tools available to do that? We are using Cosmos DB, SQL, Storage accounts and VM's which stores data.

3. I have read we have an option to move entire subscription from one tenant to another tenant. But I would like to understand below few things on those aspects.

a) When we move subscription does it move VNET and all its networking components like subnets, peering, NSGs and any other configuration related to that VNET, or do we need to create VNET on new tenant before the movement?

b) Does it also move all the data from different services like Cosmos DB, SQL and Storage accounts?

c) Do we need to create new subscription in new tenant, or it will create subscription with same name in new tenant?

Answer 1

Whether you can move individual resources between subscriptions of different tenants depends on the type of resource. Azure has specific guidelines for what can and cannot be moved.

You can check here :

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resources-overview

If direct transfer is not possible, you might need to export the data from services like Cosmos DB, SQL, and Storage Accounts, and then import it into the new tenant.

Organizations might have several Azure subscriptions. Each subscription is associated with a particular Microsoft Entra directory. To make management easier, you might want to transfer a subscription to a different Microsoft Entra directory. When you transfer a subscription to a different Microsoft Entra directory, some resources are not transferred to the target directory. For example, all role assignments and custom roles in Azure role-based access control (Azure RBAC) are permanently deleted from the source directory and are not transferred to the target directory.

Check this link : https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription

When you move a subscription, it should include all the resources within that subscription, including VNETs and their configurations like subnets, peering, NSGs... However, you need to check for any dependencies or configurations that might require manual intervention.

Keep in mind that moving a subscription does not inherently move the data stored in services like Cosmos DB, SQL databases, and Storage accounts. The data associated with these services is part of the subscription, so if the entire service (for example the SQL server, Cosmos DB account) is moved, the data should also move with it.

When moving a subscription to a new tenant, you generally don't need to create a new subscription in the target tenant. The existing subscription is transferred to the new tenant, retaining its name and ID. However, post-migration, some settings might need to be reconfigured, like Azure policies and access controls.

https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide