Share via

Moving Subscriptions with Azure Rest API

Edward Hakin 1 Reputation point
2022-04-28T17:39:29.833+00:00

I've been trying to move subscriptions under one management group to other management groups using Azure REST API and, according to documentation it seems possible using PATCH on this endpoint:

https://management.azure.com/providers/Microsoft.Management/managementGroups/{groupId}?api-version=2020-05-01

with a corresponding JSON body:

{
"properties":{
"tenantId": "${tenantId}",
"displayName": "${displayName}",
"name": "/providers/Microsoft.Management/managementGroups/${displayName}",
"children": [
{
"type": "/subscriptions",
"displayName": "${displayName}",
"id": "/subscriptions/${subscriptionId}",
"name": "${subscriptionId}"
}
]
}
}

service principal has these custom 'action' permissions:

                "Microsoft.Management/managementGroups/write",
                "Microsoft.Management/managementGroups/subscriptions/write",
                "Microsoft.Authorization/roleAssignments/write",
                "Microsoft.Authorization/roleAssignments/delete",
                "Microsoft.Management/register/action",
                "Microsoft.Management/managementGroups/read",
                "Microsoft.Management/managementGroups/subscriptions/read"

Posting the above JSON body, with supplied bearer token to the above endpoint returns responses '200 OK.' Yet, no actions are taken in the portal, and the subscription remains in the original management group.

Is there anything that I'm doing incorrectly here / should check?

Azure Resource Mover
Azure Resource Mover
An Azure service used for moving multiple resources between Azure regions.
287 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Edward Hakin 1 Reputation point
    2022-05-02T18:19:55.263+00:00

    FYI, the issue was because I was using the incorrect API. Should have been using this https://learn.microsoft.com/en-us/rest/api/managementgroups/management-group-subscriptions/create for actually moving an existing subscription to another management group.

    All search results kept returning https://learn.microsoft.com/en-us/rest/api/managementgroups/management-groups, and it seems that moving / updating management groups to include new 'child' subscriptions would be possible using this API...but apparently it's not. Would be helpful if that was documented more clearly to save other users time.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.