2
votes

I have an Azure Service Principal that I use with my proj pipeline (Azure DevOps). I'm going to provision an environment for the client in Azure with my subscription.

I'm going to transfer the subscription to the client (which I know how to do). But my question is:

  1. Do Azure Service Principals, since they're related to a subscription, persist in my subscription, or do they change scopes due to the subscription transfer?
  2. Do Service Principal owners and/or roles get transferred? I ask this because I need to maintain client resources. Therefore I still need access to their environment.
1
I would check with Azure support. I believe they may be able to assist in AD resource migration. - user5780947

1 Answer

2
votes

If you transfer a subscription to a new Azure AD tenant, all role assignments in role-based access control (RBAC) are permanently deleted from the source tenant and are not migrated to the target tenant.

https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer

I'm pretty sure the service principal cannot migrate, since you are changing tenants.

Does everything transfer? Including resource groups, VMs, disks, and other running services?
All your resources like VMs, disks, and websites transfer to the new owner. However, any administrator roles and Role-based Access Control (RBAC) policies you've set up do not transfer across different directories. Also, app registrations and other tenant-specific services don't transfer along.
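
Since the role assignments are deleted rather than migrated, they have to be captured before the transfer and re-created afterwards. The following is an added example, not part of the answer above or of Microsoft's documentation: it turns a pre-transfer export (for instance from `az role assignment list --all --include-inherited --output json`) into a re-creation plan. The sample data, the `NEW_OBJECT_IDS` mapping and the function name `build_plan` are hypothetical, and it assumes scope strings stay valid because the subscription ID is unchanged by the transfer.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json`
# output (only the fields used here). All names and IDs are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_EXPORT = json.dumps([
    {"principalName": "api://pipeline-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "api://pipeline-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "ops-team", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
])

# Hypothetical mapping, filled in by hand once each principal exists in the
# target tenant: exported principalName -> object ID in the new directory.
# Object IDs are per-tenant, so the exported principalId cannot be reused.
NEW_OBJECT_IDS = {
    "api://pipeline-deployer": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "ops-team": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
}

# Broad roles worth a least-privilege review before they are granted again.
PRIVILEGED = {"Owner", "User Access Administrator", "Contributor"}

def build_plan(export_json, new_object_ids):
    """Return (assignments to re-create, principals with no mapping yet)."""
    to_create, unmapped = [], set()
    for ra in json.loads(export_json):
        name = ra.get("principalName") or ra.get("principalId")
        new_id = new_object_ids.get(name)
        if new_id is None:
            unmapped.add((ra["principalType"], name))
            continue
        to_create.append({
            "assignee_object_id": new_id,
            "principal_type": ra["principalType"],
            "role": ra["roleDefinitionName"],
            "scope": ra["scope"],
            "review": ra["roleDefinitionName"] in PRIVILEGED,
        })
    return to_create, sorted(unmapped)

if __name__ == "__main__":
    plan, unmapped = build_plan(SAMPLE_EXPORT, NEW_OBJECT_IDS)
    print(json.dumps(plan, indent=2))
    print("not yet mapped:", unmapped)
```
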