Move Azure Subscriptions between Microsoft Entra ID tenants

Prerequisites: Permissions to invite new guest users in source tenant. Permissions to grant Owner permissions to subscription in source tenant. Permissions to accept guest invitations in destination tenant.

This guide shows you how to move an Azure subscription from one Microsoft Entra ID tenant to another. This can be useful if business requirements or other company structures have changed and you do not want to rebuild the resources.

Instructions using Entra ID guest user

The procedure is quite simple. The source tenant must simply invite the administrator account on the destination tenant as a guest. Once the invitation has been accepted, the user from the destination tenant can see the subscription in the Azure subscription and transfer it to their destination tenant via the Azure portal.

Limitations

There are various limitations. Here is a list of some that are already known in the community. It certainly makes sense to search the official Microsoft pages here.

• Role based access control roles cannot be taken over. This is actually logical, as the roles, groups and users are very likely to be completely different in the source and destination tenants. In addition, the elements certainly do not have the same IDs, which makes it impossible to migrate these role assignments.
• If billing is resolved at management group level, this is still handled in the source tenant and must be changed manually afterwards.

This list is not exhaustive and migrating subscriptions is always associated with risk.

How it is done

First you have to invite the user account from the destination tenant as guest user in the source tenant.

Log in to the source tenant and make sure that you have all permissions to invite guest users. You must also be able to adjust the IAM permissions on the subscription that you want to migrate.

Invite new guest user

You can now invite the user account in the source tenant as described in this guide: Quickstart: Add a guest user and send an invitation - Microsoft Entra External ID | Microsoft Learn

Make sure that the user has accepted the invitation. Check the guest users state under "Invitation state":

Add Azure role based access to guest user

If the user is successfully registered in the Entra ID, the subscription can be opened in the Azure portal and a new role assignment can be made under Access control.

Make sure to add the correct privileged administrator role:

Make sure to select the corresponding user account of the destination tenant. Under "Conditions" select the second property to grant all admin privileges:

Then you can create the role assignment.

Switch account and make sure to use the invited user account of the destination tenant from now on.

Start subscription migration

Switch directory to the source tenant and do the following steps:

Go to subscriptions and there you should see the subscription of the source tenant that you want to move. Open the subscription and make sure you are in the Overview blade.

Now you can choose "Change directory":

You can then select the destination tenant in this dialog. You must confirm that RBAC roles cannot be transferred.

Wait for the confirmation message that the subscription is being migrated. It can then take up to 10 minutes before you can reuse all resources. However, the resources are not offline, they are just not displayed. There is normally no downtime with this type of migration.

Switch to the destination tenant and wait for the completion of the migration. Make sure once the migration is complete, make sure that everything works as expected.

Migration of billing ownership

Once the previous steps have been completed, you can do the following. The billing accounts for the subscription are still in the old tenant at this stage and will remain there unless a migration is carried out.
If this migration is to be carried out, we recommend working through these instructions:

Change the account back to the source tenant.

1. Open This link using the current Billing Owner: My subscriptions - Microsoft Azure
2. Click on "Transfer billing ownership" and enter the UPN from the administrator of the destination tenant.

If the user does not have a mailbox (avoid unnecessary licenses), this button can be clicked again after execution to view the link for the subscription transfer and the status of the process.

Change the account to the destination tenant.

You must then log in to the link with the destination tenant admin and enter the company's contact details including the new credit card. Once this has been completed, you will be redirected to a page where you will see the billing account that has been transferred to the destination tenant.

Microsoft Docs: Transfer billing ownership of an MOSP Azure subscription - Microsoft Cost Management | Microsoft Learn