Forum Discussion
Azure subscription transfer
You are actually transferring your subscription to a different AAD tenant, not the other way around. Since there can only be one "authoritative" AAD directory per Azure subscription, it is not possible to transfer "role assignments". What you could do instead, is:
- export current role assignments with 'security principals' (users, groups, SPNs, MIs), roles, and scopes
- map those original security principals with their "representatives" in the new tenant
- prepare a script (or a template) that will populate the RBAC with those role assignments as a bulk operation to minimize any disruptions this transfer may cause
There is a comprehensive guide about the transfer with recommended workflow: Transfer an Azure subscription to a different Azure AD directory | Microsoft Docs
You are actually transferring your subscription to a different AAD tenant, not the other way around. Since there can only be one "authoritative" AAD directory per Azure subscription, it is not possible to transfer "role assignments". What you could do instead, is:
- export current role assignments with 'security principals' (users, groups, SPNs, MIs), roles, and scopes
- map those original security principals with their "representatives" in the new tenant
- prepare a script (or a template) that will populate the RBAC with those role assignments as a bulk operation to minimize any disruptions this transfer may cause
There is a comprehensive guide about the transfer with recommended workflow: Transfer an Azure subscription to a different Azure AD directory | Microsoft Docs
- Thank you very much David. I got the correct idea from your well explained answer. It was very supportive. Thanks again. 😊
- I'm glad it helped. Will you please mark my response as the answer? Thx.
