Migrate Security Resources

This article has information that you may find helpful as you migrate Azure security resources across Azure regions.

Key Vault

Some features of Azure Key Vault can’t be migrated across Azure regions.

Encryption keys

You can’t migrate encryption keys. Create new keys in the target region, and then use the keys to protect the target resource (for example, Azure Storage or Azure SQL Database). Securely migrate the data from the old region to the new region.

Application secrets

Application secrets are certificates, storage account keys, and other application-related secrets. During a migration, first create a new key vault in the target Azure region. Then, complete one of the following actions:

• Create new application secrets.
• Read the current secrets in the source Azure region, and then enter the value in the new vault.

Get-AzureKeyVaultSecret -vaultname mysecrets -name Deploydefaultpw

For more information:

• Refresh your knowledge by completing the Key Vault tutorials.
• Review the Key Vault overview.
• Review the Key Vault PowerShell cmdlets.

Application Gateway

See Application Gateway chapter of Migrate Network Resources.

VPN Gateway

See VPN Gateway chapter of Migrate Network Resources.

Azure Active Directory

Azure AD function has no regional properties and no migration is required.

Azure Information Protection

Azure Information Protection function has no regional properties and no migration is required.

Security Center

Security Center function has no regional properties and no migration is required.