Azure VNet Peering across Azure Active Directory tenants using Service Principal authentication

In this video, we look at how to create Azure Virtual Network Peering across subscriptions that belong to different Azure Active Directory tenants using Service Principal authentication. We look at how to mark an Azure AD application in one of the tenants as “multi-tenanted”, how to consent to the multi-tenanted application from the second tenant, and how to establish the VNet peering with Service Principal authentication using Azure PowerShell and Azure Resource Manager REST API calls via Postman.

Video Walkthrough

Tip: Play the video full screen.

Table of Contents

00:00 Beginning of video
01:07 Mark Azure AD app as “multi-tenanted”
04:05 Consent to the multi-tenanted app to create service principal in 2nd tenant
07:09 Assign Contributor permission to the service principal
09:20 Create VNet peering using Azure PowerShell
14:21 Login using Azure CLI to obtain access tokens
17:25 Create VNet peering using Azure Resource Manager API in Postman

Update November 27, 2018: At 14:21 in the video above I mentioned that Azure CLI version 2.0.50 does not work properly with multi-tenanted service principals across tenants. As of November 27, the Azure CLI team fixed the bug via Pull Request #7916, and Azure CLI versions 2.0.52 and later will work properly. I tested just now using the latest dev azure-cli build Docker image: “docker run -it azuresdk/azure-cli-python:dev”.

Mark Azure AD Application as Multi-Tenanted

In the 1st Azure AD tenant, create an Azure AD application and set Settings -> Properties -> Multi-tenanted to Yes.
Record the application id (client_id) and a key (client_secret).

Create Service Principal from Application

In the 2nd Azure AD tenant, consent to the multi-tenanted application so that the corresponding Service Principal is created in the 2nd tenant.

Consent URL example

Azure PowerShell Example

Azure CLI Example

ARM REST API Example
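The REST flow from the video, as an added example that is not part of the original post: one multi-tenanted app, a client-credentials token requested from each tenant's own endpoint (consent created a separate service principal object per tenant), and one peering PUT per side, each authorized by the token of the tenant that owns that VNet. The tenant, subscription, resource-group and VNet names in the test are placeholders; the Azure AD v1 token endpoint and the 2018-08-01 Microsoft.Network API version are my assumptions, not values from the video.

```python
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

ARM = "https://management.azure.com"
API_VERSION = "2018-08-01"  # Microsoft.Network REST API version (assumed)

@dataclass(frozen=True)
class VNet:
    tenant_id: str  # Azure AD tenant that owns the subscription
    subscription_id: str
    resource_group: str
    name: str

    @property
    def resource_id(self) -> str:
        return (f"/subscriptions/{self.subscription_id}/resourceGroups/{self.resource_group}"
                f"/providers/Microsoft.Network/virtualNetworks/{self.name}")

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials grant against ONE tenant (Azure AD v1 token endpoint)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "resource": ARM + "/"}
    return url, form

def peering_request(local, remote, peering_name):
    """PUT that creates the peering on `local` pointing at `remote`."""
    url = f"{ARM}{local.resource_id}/virtualNetworkPeerings/{peering_name}?api-version={API_VERSION}"
    body = {"properties": {"remoteVirtualNetwork": {"id": remote.resource_id},
                           "allowVirtualNetworkAccess": True, "allowForwardedTraffic": False,
                           "allowGatewayTransit": False, "useRemoteGateways": False}}
    return url, body

def peering_plan(a, b):
    """Both directions. Same client_id each time, but the token must come from the
    tenant that owns the local VNet: consent made a separate SP object per tenant."""
    return [(local.tenant_id, peering_request(local, remote, f"to-{remote.name}"))
            for local, remote in ((a, b), (b, a))]

def execute(plan, client_id, client_secret):
    # Runs the plan; the SP needs Contributor on both subscriptions, as in the video.
    for tenant_id, (url, body) in plan:
        tok_url, form = token_request(tenant_id, client_id, client_secret)
        with urllib.request.urlopen(tok_url, urllib.parse.urlencode(form).encode()) as r:
            token = json.load(r)["access_token"]
        req = urllib.request.Request(url, json.dumps(body).encode(), method="PUT",
                                     headers={"Authorization": f"Bearer {token}",
                                              "Content-Type": "application/json"})
        urllib.request.urlopen(req).read()  # raises HTTPError if the PUT is rejected
```

If either PUT returns 403, check that the consent step created the service principal in that tenant and that Contributor was assigned to it there, not only in the first tenant.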

Thank you!

Please leave feedback and questions below or on Twitter https://twitter.com/ArsenVlad


Originally published at blogs.msdn.microsoft.com on November 20, 2018.

Written by

Principal Engineer / Architect, FastTrack for Azure at Microsoft
