
AZ-500 Question #152: Real Exam Question with Answer & Explanation

The correct answer is A: Role assignments at the subscription level are lost.

Submitted by stefanr · Mar 6, 2026 · Secure identity and access

Question

You have an Azure subscription. You configure the subscription to use a different Azure Active Directory (Azure AD) tenant. What are two possible effects of the change? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options

  • A. Role assignments at the subscription level are lost.
  • B. Virtual machine managed identities are lost.
  • C. Virtual machine disk snapshots are lost.
  • D. Existing Azure resources are deleted.

Explanation

Transferring an Azure Subscription to a Different Azure AD Tenant

When you move an Azure subscription to a different Azure AD tenant, role assignments (RBAC) are permanently deleted because those assignments are tied to user/group/service principal object IDs that exist in the original tenant - they have no meaning in the new tenant and cannot be migrated. Similarly, managed identities for virtual machines are lost because managed identities are Azure AD objects (either system-assigned or user-assigned) that exist within a specific tenant; when the subscription moves, those identity objects no longer exist in the new tenant's context and must be recreated.

Why C and D are wrong: Disk snapshots (C) are Azure resource objects stored independently of Azure AD - they remain intact after a tenant transfer. Existing Azure resources (D) are not deleted during a tenant transfer; the resources themselves (VMs, storage accounts, databases, etc.) continue to exist, which is a key point of the operation.

💡 Memory Tip: Think of Azure AD as a security/identity layer sitting on top of your resources. Moving tenants wipes anything tied to identity (role assignments, managed identities) but leaves the underlying infrastructure resources untouched - "Identity goes, infrastructure stays."

Topics

#Azure Active Directory #Subscription Management #Role-Based Access Control (RBAC) #Managed Identities
