2

I have an Azure Service Principal that I use with my proj pipeline (Azure DevOps). I'm going to provision an environment for the client in azure with my subscription.

I'm going to transfer the subscription to the client (Which I know how to do). But my question is:

  1. Do Azure Service Principals; since they're related to a subscription, persist in my subscription or do they change scopes do to subscription transfer?
  2. Do Service Principal owners and/or roles get transfer? -I ask this because I need to maintain client resources. Therefore I still need access to their environment.
BAcevedo
  • 105
  • 3
  • 12
  • 1
    I would check with Azure support. I believe they may be able to assist in AD resource migration. –  Mar 05 '19 at 18:10

1 Answers1

2

If you transfer a subscription to a new Azure AD tenant, all role assignments in role-based access control (RBAC) are permanently deleted from the source tenant and are not migrated to the target tenant.

https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer

I'm pretty sure service principal cannot migrate, since you are changing tenant

Does everything transfer? Including resource groups, VMs, disks, and other running services?
All your resources like VMs, disks, and websites transfer to the new owner. However, any administrator roles and Role-based Access Control (RBAC) policies you've set up do not transfer across different directories. Also, app registrations and other tenant-specific services don't transfer along.
4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • So once the subscription is transfer they would need to create a service principal with my email so I can keep updating client environment? – BAcevedo Mar 05 '19 at 16:38
  • service principal cannot be with an email, thats a user – 4c74356b41 Mar 05 '19 at 16:39
  • yes, just phrased like that for simplicity purposes. They would need to invite me to a team within there organization and then grant me permissions/role to use the service principal if I'm not mistaking. Thanks for the answer – BAcevedo Mar 05 '19 at 16:41