Migrate security resources to global Azure

Important

Since August 2018, we have not been accepting new customers or deploying any new features and services into the original Microsoft Cloud Germany locations.

Based on the evolution in customers’ needs, we recently launched two new datacenter regions in Germany, offering customer data residency, full connectivity to Microsoft’s global cloud network, as well as market competitive pricing.

Additionally, on Sept 30th, 2020, we announced that the Microsoft Cloud Germany would be closing on October 29th, 2021. More details are available here: https://www.microsoft.com/cloud-platform/germany-cloud-regions.

Take advantage of the breadth of functionality, enterprise-grade security, and comprehensive features available in our new German datacenter regions by migrating today.

This article has information that can help you migrate Azure security resources from Azure Germany to global Azure.

Note

We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Azure Active Directory

For information about migrating Azure Active Directory, see Migrate identities.

Key Vault

Some features of Azure Key Vault can't be migrated from Azure Germany to global Azure.

Encryption keys

You can't migrate encryption keys. Create new keys in the target region, and then use the keys to protect the target resource (for example, Azure Storage or Azure SQL Database). Securely migrate the data from the old region to the new region.

Application secrets

Application secrets are certificates, storage account keys, and other application-related secrets. During a migration, first create a new key vault in global Azure. Then, complete one of the following actions:

  • Create new application secrets.
  • Read the current secrets in Azure Germany, and then enter the value in the new vault.

Get-AzKeyVaultSecret -VaultName mysecrets -Name Deploydefaultpw
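
The second option, carried through for a whole vault, as an added example that is not part of the original article: it reads each enabled secret from the Azure Germany vault and writes it to the new vault in global Azure, keeping the value as a SecureString throughout. It assumes the Az module, an account with read access to the source vault and write access to the target, and a hypothetical target vault named `mysecrets-global` that already exists.

```powershell
# Added example. 'mysecrets' is the vault name used on this page;
# 'mysecrets-global' is a hypothetical vault already created in global Azure.
$sourceVault = 'mysecrets'
$targetVault = 'mysecrets-global'

# Sign in to each cloud separately and keep both profiles, so every call
# states explicitly which environment it talks to.
$germany = Connect-AzAccount -Environment AzureGermanCloud -ContextName 'germany'
$global  = Connect-AzAccount -Environment AzureCloud -ContextName 'global'

# Listing returns metadata only; values are fetched one secret at a time.
$items = Get-AzKeyVaultSecret -VaultName $sourceVault -DefaultProfile $germany

foreach ($item in $items) {
    if (-not $item.Enabled) {
        Write-Warning "Skipping disabled secret '$($item.Name)'"
        continue
    }

    $secret = Get-AzKeyVaultSecret -VaultName $sourceVault -Name $item.Name -DefaultProfile $germany

    $params = @{
        VaultName      = $targetVault
        Name           = $secret.Name
        SecretValue    = $secret.SecretValue   # SecureString, never converted to plain text
        DefaultProfile = $global
    }
    # Carry over the metadata that downstream consumers and rotation jobs rely on.
    if ($secret.ContentType) { $params.ContentType = $secret.ContentType }
    if ($secret.Expires)     { $params.Expires     = $secret.Expires }
    if ($secret.NotBefore)   { $params.NotBefore   = $secret.NotBefore }
    if ($secret.Tags)        { $params.Tag         = $secret.Tags }

    # Discard the returned object so it is not echoed to the console or a transcript.
    Set-AzKeyVaultSecret @params | Out-Null
    Write-Output "Copied '$($secret.Name)'"
}

# Check: every enabled source secret name must exist in the target vault.
$copied  = (Get-AzKeyVaultSecret -VaultName $targetVault -DefaultProfile $global).Name
$missing = $items | Where-Object { $_.Enabled -and $_.Name -notin $copied }
if ($missing) { Write-Warning "Not copied: $($missing.Name -join ', ')" }
```

Only the current version of each secret is copied; storage account keys and similar credentials are better regenerated in global Azure than carried over, which is the first option in the list above.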


VPN Gateway

Migrating an Azure VPN Gateway instance from Azure Germany to global Azure isn't supported at this time. We recommend that you create and configure a new instance of VPN Gateway in global Azure.

You can collect information about your current VPN Gateway configuration by using the portal or PowerShell. In PowerShell, use a set of cmdlets that begin with Get-AzVirtualNetworkGateway*.

Make sure that you update your on-premises configuration. Also, delete any existing rules for the old IP address ranges after you update your Azure network environment.


Application Gateway

Migrating an Azure Application Gateway instance from Azure Germany to global Azure isn't supported at this time. We recommend that you create and configure a new gateway in global Azure.

You can collect information about your current gateway configuration by using the portal or PowerShell. In PowerShell, use a set of cmdlets that begin with Get-AzApplicationGateway*.


Next steps

Learn about tools, techniques, and recommendations for migrating resources in the following service categories: