![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 43%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,359 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Hello @Krisse Casimiro ,
Thank you for reaching out Microsoft Q&A.
I understand that you have changed your email on the azure account and your account was transferred by the MS Support but the Key Vault says your Tenant ID has changed and you can't renew your certificate because moving a key vault to another subscription will cause a breaking change to your environment.
Azure Key Vault is automatically tied to the default Microsoft Entra tenant ID for the subscription in which it is created. All access policy entries and roles assignments are also tied to the tenant ID.
If you move your Azure subscription from tenant A to tenant B, your existing key vaults will be inaccessible by the service principals in tenant B. To fix this issue, you need to:
- Change the tenant ID associated with all existing key vaults in the subscription to tenant B.
- Remove all existing access policy entries.
- Add new access policy entries associated with tenant B.
As you moved your subscription containing the key vault to a new tenant, you need to manually update the tenant ID and remove old access policies and role assignments.
follow the document when you are moving the Subscription containing key vault to the new tenant: https://learn.microsoft.com/en-us/azure/key-vault/general/move-subscription?source=recommendations#moving-a-key-vault-to-a-new-subscription
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Regards,
Goutam Pratti.