Azure Tenant to Tenant Migration

Business Scenario:

The following are some reasons why customer might plan to migrate a
subscription from one tenant to another:

 Mergers and acquisitions: One of the reasons why companies

may need to reduce their spending and subscriptions is when they
undergo mergers and acquisitions. This process involves two
companies joining together or one company taking over another,
which can result in overlapping or redundant resources.
 Management: The customer wants to manage all subscriptions
under one Azure AD directory, but someone in their organization
created a subscription with a different directory.
 Complexity: Changing the settings or code of customer
applications is difficult since they depend on a specific subscriber ID
or URL.
 Corporate restructuring: As part of our business restructuring,
we have created a new company that will operate independently
from our current one. This means that some of your services and
resources will be transferred to a different Azure AD directory.
 Compliance requirements: One common scenario is that
customers want to manage some of their resources in a separate
Azure AD directory for security isolation purposes.

Challenges:

The following are some challenges in migrating subscription from one

tenant to another.

 Technical complexity: Migrating a subscription between tenants

involves migrating data, resources, and configurations.
 Downtime: Migrating a subscription between tenants may require
downtime, impacting your business operations. To minimize
downtime and to communicate any planned downtime to your users
in advance.
 Loss of configuration: If your subscription has complex
configurations, such as custom policies or resource templates, these
configurations may not transfer automatically during the migration.
 Security concerns: Migrating a subscription between tenants may
raise security concerns, particularly when moving sensitive data.
 Cost implications: Migrating a subscription between tenants may
have cost implications, particularly when moving to a tenant with a
different pricing structure.
  Resource availability: Migrating a subscription between tenants
may impact your resource availability, particularly when moving to a
tenant with a different region availability.

Solution Strategy:

Overview

 Tenant: When you sign up for a Microsoft cloud service

subscription, you automatically create an Azure Tenant, a dedicated
and trusted instance of Azure Active Directory. A tenant represents
your organization, identity, or person and contains all the accounts
and billing connections for the Azure services you use.
 Subscription: A Subscription is a private space with a unique ID
within the Tenant where you can deploy and manage all the
resources you use in the cloud, such as virtual networks, virtual
machines, databases, and various services.

Understand the impact of migrating a subscription.

 Several Azure resources are dependent on a directory or a

subscription. Depending on the circumstances. See, resources are
impacted.
  Make sure to examine each component to see if it is still necessary.
This is particularly valid if the membership offers access to some
development or testing environments.
 You should review your subscription and associated costs, such as
data transfer, to ensure the move is cost-effective.
 Pull together all your documentation on the solution and
components within the subscription.
 Go through every Microsoft reference posting about the migration of
subscriptions.
 Establish who will migrate subscriptions, whether it is Microsoft or a
representative of one of the businesses.

Check list for adding Azure source subscription to destination

tenant

1. Several Azure resources are dependent on a directory or a

subscription. Depending on the circumstances. See, resources are
impacted.
2. Make sure to examine each component to see if it is still necessary.
This is particularly valid if the membership offers access to some
development or testing environments.
3. You should review your subscription and associated costs, such as
data transfer, to ensure the move is cost-effective.
4. Pull together all your documentation on the solution and
components within the subscription.
5. Go through every Microsoft reference posting about the migration of
subscriptions.
6. Establish who will migrate subscriptions, whether it is Microsoft or a
representative of one of the businesses.

Procedure for migrating Subscription from one tenant to another.

1. The first step is to create a user with access to both tenants. The
user needs to have an active email id, and I will use the global
admin of the "TenantA" tenant for this purpose.
2. log in to Tenant, the old Tenant (TenantB), with an admin account
and go to "Azure Active Directory -> Users," and press "New guest
user."
3. Assign owner rights for the subscription to the guest we have just
added. It is required to be able to see and move the subscription to
another tenant. Go to subscriptions -> Access control (IAM) and
press "Add" in Add a role assignment.
4. To assign the guest user the "Owner" role, choose "Owner" from the
role options and select the guest user. Select "Save" to apply the
changes.
5. Look for an email with an invite in the guest user's inbox. Access the
email and press "Get Started."
6. Sign in with the credentials of the Guest User to the new Tenant
(TenantB). These are the same credentials used to login into the old
Tenant. (TenantA).
7. You are a guest user in this Tenant. To access its resources, you
must consent to the permissions. Click "Accept" to proceed.
8. check if you are the correct Tenant in the Azure portal. If not, select
"Switch directory."
9. Select the "all directories" tab; here, you should see both the old
Tenant (TenantB) and the new Tenant (TenantA). Select the old
Tenant (TenantB).
10. To change your subscription, navigate to the subscriptions
page and choose the subscription that you want to move.
11. Sign in and select a subscription from the Subscriptions page
in the Azure portal.
12. Select the subscription, press "Change directory," and select
the new Tenant—press "Change" to apply the changes.
13. Review the warnings. All Role-Based Access Control
(RBAC) users with assigned access and all subscription admins lose
access when the subscription directory changes.
14. Select a directory.
1. When you now refresh the page (this may take some time), the
subscription is gone in the old Tenant (TenantB)
 2. Click on the Default subscription filter "select all."

3. Success! To access the new directory, click on the directory

switcher. It might take 10 to 30 minutes for everything to show up
properly.
4. both subscriptions are displayed in the "Subscriptions" view.
5. The subscription has now been moved from the old Tenant
(TenantB) to the new Tenant (TenantA).

Post migration validation steps.

1. Verify accessibility to all major resources in the subscription as an

owner.
2. Validate the correct production operation of all applications within
the subscription.
3. Confirm the ability to see billing information in the Enterprise Azure
Portal.
 4. Set up all RBAC-based accounts needed to support the application
and infrastructure support activities. Assign those accounts
permissions to the subscription.
5. Create and assign any replacement management certificates as
required.
6. Validate that all backup routines are working.
7. Validate that all logic apps are working correctly.
8. Any Azure key vaults you have are also affected by a subscription
move, so change the critical vault tenant ID before resuming
operations.
9. If you want to delete the original directory, transfer the subscription
billing ownership to a new Account Admin.
10. Store SSL Certificate in the Destination subscription key vault;
if you have any key vaults, you must change the key vault tenant
ID.
11. You must re-enable these identities if you used system-
assigned Managed Identities for resources. If you used user-
assigned Managed Identities, you must re-create these identities.
After re-enabling or recreating the Managed Identities, you must re-
establish the permissions assigned to those identities.
12. You must re-register if you've registered an Azure Stack using
this subscription.
13. Refer to the link for more information Transfer an Azure
subscription to a different Azure AD directory.

Benefits:

Below are some benefits of migrating Azure subscription from one tenant
to another tenant.

 Consolidation of resources: If multiple subscriptions are spread

across different tenants, moving them to a single tenant can make
managing and monitoring your resources more accessible.
 Improved security: Moving a subscription to a more secure tenant
can reduce the risk of data breaches and cyber-attacks. This can be
especially important when dealing with sensitive or confidential
data.
 Simplified billing: Keeping track of billing and payments can be
challenging if you have multiple subscriptions across different
tenants. Moving them to a single tenant can simplify this process
and make it easier to track expenses.
 Better collaboration: If you need to work with others in a different
tenant, having your subscription in the same Tenant can make
collaborating and sharing resources easier.
 Subscriptions to a single tenant can simplify management,
reduce costs, and improve team collaboration.