Moving Azure Management Service from one tenant to another, keeping the app registration to connect

Question

I'm trying to move an azure API management service from tenantA to tenantB To give third parties the possibility to connect, two app registrations have been created. App registration A is allowed to connect to the API. App registration B is allowed to connect to APP registration A and is used by third partner to connect to the API.

Question: Is it possible to move the API management service to tenantB, and keeping the app registrations from tenantA. So the exisiting app registration(A) in tenantA should be allowed to connect to the api in tenantB

UPDATE

After reading some more, I've come accros multi-tenant applications. Would it be possible to connect application from tenantA to application from tenantB (which is allowed to connect to the api's)? And if so, would it be possible to limit access (not via code)?

Answer 1

Unfortunately it is not possible to migrate Azure AD App Registrations from one Azure AD tenant to another Azure AD tenant. You have to recreate Azure AD App Registrations in new Azure AD tenant and map all roles and permissions to new App Registration.

Explanation: An Azure AD App Registrations is defined by its one and only application object, which resides in the Azure AD tenant where the application was registered (known as the application's "home" tenant).

https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

https://docs.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription#understand-the-impact-of-transferring-a-subscription

Answer 2

As a workarround, moving the resources from one tenant to another tenant, and keeping the old tenant as resource provider did the trick. (at least for moving the resources).

The old tenant is still used as authentcication provider. To get rid if this another way of authentication will be needed (new subscription or third party).