Forum Discussion
Completely migrate DevOps Organisation to new Tenant and Subscription
- Coming back to my own request.
We've done the migration last week and it was quite smooth.
With the help and steps described here: https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription we were able to reactivate most of the pipelines and resources without problems.
KeyVault was a bit specific but once done like described it worked again immediately.
The big work was at customer site to modify all pipelines with the new ServicePrinciples.
Ben
Hi David,
I don't think that would have changed our approach.
If you do a tenant-to-tenant migration and DevOps also uses Azure resources (WebApp, StorageAccount, KeyVault, ecc) you still have to do the same steps.
If it helps you, these were roughly our steps (keep in mind that in this case we also did an Office 365 migration)
- Prepare the users in the new tenant
- Change the AAD connection for DevOps (https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/change-azure-ad-connection?view=azure-devops)
- UserMapping after migration in DevOps
- Document all RBAC, Roles, ecc. as described here: https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription
- Migration of the subscription to the new tenant
- Restore RBAC, KeyVault, StorageAccount accesses in the new tenant
- Re-create all ServicePrincipals in DevOps and adjust the pipelines
Regards,
Ben
