Common questions
This article answers common questions about Azure Resource Mover.
Currently, you can move resources from any source public region to any target public region and within regions in China, depending on the resource types available in that region. Moving resources within Azure Gov is also supported (US DoD Central, US DoD East, US Gov Arizona, US Gov Texas, US Gov Virginia). US Sec East/West/West Central are not currently supported.
Azure Resource Mover is currently available as follows:
| Support | Details |
|---|---|
| Move support | Azure resources that are supported for a move with Resource Mover can be moved from any public region to another public region and within regions in China. Moving resources within Azure Gov is also supported (US DoD Central, US DoD East, US Gov Arizona, US Gov Texas, US Gov Virginia). US Sec East/West/West Central are not currently supported. |
| Metadata support | Supported regions for storing metadata about machines to be moved include East US2, North Europe, Southeast Asia, Japan East, UK South, and Australia East as metadata regions. Moving resources within the Microsoft Azure operated by 21Vianet region is also supported with the metadata region China North2. |
Using Resource Mover, you can currently move the following resources across regions:
- Azure virtual machines and associated disks (Azure Spot virtual machines are not currently supported)
- Network Interface Cards
- Availability sets
- Azure virtual networks
- Public IP addresses (Public IP will not be retained across regions)
- Network security groups (NSGs)
- Internal and public load balancers
- Azure SQL databases and elastic pools
You can't select disks as resources to the moved across regions. However, disks are moved as part of a virtual machine move.
Currently, Azure Resource Mover only supports move across regions within the same subscription. Move across subscriptions is not supported.
However, on the Azure portal, Azure Resource mover has an entry point to enable the move across subscriptions. The capability to move across subscriptions is supported by Azure Resource Manager (ARM). Learn more.
Moving across regions and across subscriptions is a two-step process:
- Move resources across regions using Azure Resource Mover.
- Use Azure Resource Manager (ARM) to move across subscriptions once resources are in the desired target region.
You can change the subscription after moving resources to the destination region. Learn more about moving resources to a different subscription.
No. Resource Mover service doesn't store customer data, it only stores metadata information that facilitates tracking and progress of resources you move.
It's stored in an Azure Cosmos DB database, and in Azure Blob storage, in a Microsoft subscription. Currently, metadata is stored in East US 2 and North Europe. We plan to expand this coverage to other regions. This doesn't restrict you from moving resources across any public region.
Yes, both in transit and at rest.
- During transit, the metadata is securely sent to the Resource Mover service over the internet using HTTPS.
- In storage, metadata is encrypted.
Managed identity (formerly known as Managed Service Identity (MSI)) provides Azure services with an automatically managed identity in Microsoft Entra ID.
Resource Mover uses managed identity so that it can access Azure subscriptions to move resources across regions.
A move collection needs a system-assigned identity, with access to the subscription that contains resources you're moving.
If you move resources across regions in the portal, this process happens automatically.
If you move resources using PowerShell, you run cmdlets to assign a system-assigned identity to the collection, and then assign a role with the correct subscription permissions to the identity principal.
Azure Resource Mover managed identity needs at least these permissions:
- Permission to write/ create resources in user subscription, available with the Contributor role.
- Permission to create role assignments. Typically available with the Owner or User Access Administrator roles, or with a custom role that has the Microsoft.Authorization/role assignments/write permission assigned. This permission isn't needed if the data share resource's managed identity is already granted access to the Azure data store.
When you add resources in the Resource Mover hub in the portal, permissions are handled automatically as long as the user has the permissions described above. If you add resources with PowerShell, you assign permissions manually.
Important
We strongly recommend that you don't modify or remove identity role assignments.
There are a couple of reasons you might not have permission.
| Possible cause | Recommendation |
|---|---|
| You're not a Contributor and User Access Administrator (or Owner) when you add a resource for the first time. | Use an account with Contributor and User Access Administrator (or Owner) permissions for the subscription. |
| The Resource Mover managed identity doesn't have the required role. | Add the 'Contributor' and 'User Access administrator' roles. |
| The Resource Mover managed identity was reset to None. | Reenable a system-assigned identity in the move collection settings > Identity. Alternatively, in Add Resources, add the resource again, which does the same thing. |
| The subscription was moved to a different tenant. | Disable and then enable managed identity for the move collection. |
Change the source/target combinations as needed using the change option in the portal.
You can remove resources that you added to the move list. The exact remove behavior depends on the resource state. Learn more.
Learn more about Resource Mover components, and the move process.