Move SCEPman resources

Preparations

• Resources associated with the private endpoint cannot be moved. Therefore, if your SCEPman is using Private endpoints, the following SCEPman resources are not movable:

  • 1x Virtual network

  • 2x Private endpoints

  • 2x Network Interface

  • 2x Private DNS zone

• Movable SCEPman resources are:

  • App Service Plan

  • SCEPman and Certificate Master App Services

  • Storage Account

  • Key Vault

  • Log Analytics Workspace

Since Private Endpoints are not movable, you need to take the following steps (if your SCEPman is not using Private endpoints, skip these steps):

• First, enable public access on the Key Vault and Storage Account and remove the private endpoints

• Then, disconnect the outbound network integration on both app services

The same applies to the Certificate Master App service.

Moving Resources

• Create a new Resource group in the target subscription.

• Now move the resources. An easy way to move resources is to select them in the Resource group and choose "Move to another subscription" option

• Then you need to choose the new Subscription and Resource group, resources will be validated and moved.

After moving SCEPman resources:

• To fix the connection to the Storage Account, run the Complete-SCEPmanInstallation CMDlet.

• Now you have the option to reconfigure the private endpoints as mentioned at Private Endpoints

Considerations regarding the location of the moved SCEPman resources

• Moving resources within the same resource group location is possible.

• Moving resources between different resource group locations, the resources will remain in the original location and will simply be listed in the new resource group under a different location. E.g.: