When moving Azure resources to a different subscription or tenant, the cloud administrator must identify which resources can be migrated seamlessly and which may require changes at the new destination. Azure Key Vault is one of the resources that requires a configuration change: when a vault moves between Azure AD tenants, it must be updated to reflect the new TenantId.
The following script updates every Key Vault in the subscription named in the $subName variable, setting each vault's TenantId to the tenant of the current Azure context. It also resets each vault's access policies to an empty list, so access has to be granted again afterwards.
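```powershell
$subName = "ENTER-your-SubscriptionName"

# Switch to the target subscription and read the tenant of the current context
Select-AzSubscription -SubscriptionName $subName
$vaults = Get-AzKeyVault
$tenantId = (Get-AzContext).Tenant.TenantId

ForEach ($vault in $vaults) {
    Write-Host $vault.ResourceId

    # Load the full resource so its properties can be edited
    $tmpVault = Get-AzResource -ResourceId $vault.ResourceId -ExpandProperties

    # Point the vault at the new tenant and clear the existing access policies
    $tmpVault.Properties.TenantId = $tenantId
    $tmpVault.Properties.AccessPolicies = @()

    Set-AzResource -ResourceId $vault.ResourceId -Properties $tmpVault.Properties -Force
}
```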
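Because the script above empties each vault's access policies, it helps to record them before running it. The following is an added example, not part of the original article: it inventories each vault's tenant binding and access policies into a JSON file. The `$outFile` path is an assumption, and the example presumes the Az PowerShell module with a signed-in context.

```powershell
# Added example: inventory vault tenant bindings and access policies
# before the reset script clears them.
$subName = "ENTER-your-SubscriptionName"
$outFile = ".\keyvault-policy-backup.json"   # assumption: any writable path

Select-AzSubscription -SubscriptionName $subName | Out-Null
$currentTenant = (Get-AzContext).Tenant.TenantId

$report = foreach ($item in Get-AzKeyVault) {
    # The list call returns summary objects; fetch the full vault to read its policies.
    $vault = Get-AzKeyVault -VaultName $item.VaultName -ResourceGroupName $item.ResourceGroupName

    [pscustomobject]@{
        VaultName      = $vault.VaultName
        ResourceId     = $vault.ResourceId
        VaultTenantId  = [string]$vault.TenantId
        # True when the vault is still bound to a tenant other than the current one
        NeedsUpdate    = ([string]$vault.TenantId -ne [string]$currentTenant)
        # Vaults using Azure RBAC do not rely on access policies for data-plane access
        RbacEnabled    = [bool]$vault.EnableRbacAuthorization
        AccessPolicies = @($vault.AccessPolicies | ForEach-Object {
            [pscustomobject]@{
                ObjectId     = $_.ObjectId
                DisplayName  = $_.DisplayName
                Keys         = $_.PermissionsToKeys
                Secrets      = $_.PermissionsToSecrets
                Certificates = $_.PermissionsToCertificates
            }
        })
    }
}

# Keep the full record on disk, then list the vaults the reset script will change
$report | ConvertTo-Json -Depth 5 | Set-Content -Path $outFile -Encoding UTF8
$report | Where-Object NeedsUpdate |
    Select-Object VaultName, VaultTenantId, RbacEnabled,
        @{ Name = 'PolicyCount'; Expression = { $_.AccessPolicies.Count } } |
    Format-Table -AutoSize
```

The ObjectIds in the file belong to the old tenant, so they serve only as a reference for which permissions to grant to the corresponding principals in the new tenant.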