# Moving Resources {% hint style="warning" %} Moving SCEPman resources from **tenant to tenant** is not supported. For more information on the underlying problem, see {% endhint %} ## Preparations * Resources associated with the private endpoint cannot be moved. Therefore, if your SCEPman is using Private endpoints, the following SCEPman resources are not movable: * 1x Virtual network * 2x Private endpoints * 2x Network Interface * 2x Private DNS zone {% hint style="info" %} **Alerts and Action groups** are also not movable. In case you have any, they need to be reconfigured in the new subscription. If you are using an **App Service managed certificate** you [cannot move it](https://learn.microsoft.com/th-th/azure/azure-resource-manager/management/move-limitations/app-service-move-limitations#move-with-free-managed-certificates). Instead, delete and recreate it after moving the web app. {% endhint %} * Movable SCEPman resources are: * App Service Plan * SCEPman and Certificate Master App Services * Storage Account * Key Vault * Log Analytics Workspace #### Since Private Endpoints are not movable, you need to take the following steps (if your SCEPman is not using Private endpoints, skip these steps): * First, enable public access on the Key Vault and Storage Account and remove the private endpoints

* Then, disconnect the outbound network integration on both app services

The same applies to the Certificate Master App service. ## Moving Resources {% hint style="warning" %} After moving SCEPman resources to the new subscription, SCEPman will lose its connection to the Storage Account. To resolve this, you will need to [run the Complete-SCEPmanInstallation command](/scepman-deployment/permissions/post-installation-config.md#disabled-homepage). Please note that this will be the only **downtime** during the process (from moving the resources until you run the command), which should be resolved within 3-5 minutes. {% endhint %} {% hint style="warning" %} Make sure to have the [required permissions](/scepman-deployment/permissions/post-installation-config.md#prerequisites) to run the [*Complete-SCEPmanInstallation* CMDlet](/scepman-deployment/permissions/post-installation-config.md#running-the-scepman-installation-cmdlet) before moving the resources. {% endhint %} * Create a new Resource group in the target subscription. * Now move the resources. An easy way to move resources is to select them in the Resource group and choose "Move to another subscription" option

* Then you need to choose the new Subscription and Resource group, resources will be validated and moved. ## After moving SCEPman resources: * To fix the connection to the Storage Account, [run the *Complete-SCEPmanInstallation* CMDlet.](/scepman-deployment/permissions/post-installation-config.md#running-the-scepman-installation-cmdlet) * Now you have the option to reconfigure the private endpoints as mentioned at [Private Endpoints](https://docs.scepman.com/architecture/private-endpoints) ## Considerations regarding the location of the moved SCEPman resources * Moving resources within the same resource group location is possible. * Moving resources between different resource group locations, the resources will remain in the original location and will simply be listed in the new resource group under a different location. E.g.:

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scepman.com/azure-configuration/move-scepman-resources.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.