You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network-manager/concept-cross-tenant.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,24 +5,24 @@ author: mbender-ms
5
5
ms.author: mbender
6
6
ms.service: virtual-network-manager
7
7
ms.topic: conceptual
8
-
ms.date: 3/22/2023
8
+
ms.date: 03/22/2023
9
9
ms.custom: template-concept
10
10
---
11
11
12
12
13
13
# Cross-tenant support in Azure Virtual Network Manager
14
14
15
-
In this article, you’ll learn about cross-tenant support in Azure Virtual Network Manager. Cross-tenant supports allows organizations to use a central Network Manager instance for managing virtual networks across different tenants and subscriptions.
15
+
In this article, you learn about cross-tenant support in Azure Virtual Network Manager. Cross-tenant supports allows organizations to use a central Network Manager instance for managing virtual networks across different tenants and subscriptions.
Cross-tenant support in Azure Virtual Network Manager allows you to add subscriptions or management groups from other tenants to your network manager. This is done by establishing a two-way connection between the network manager and target tenants. Once connected, the central manager can deploy connectivity and/or security admin rules to virtual networks across those connected subscriptions or management groups. This support will assist organizations that fit the following scenarios:
21
+
Cross-tenant support in Azure Virtual Network Manager allows you to add subscriptions or management groups from other tenants to your network manager. This is done by establishing a two-way connection between the network manager and target tenants. Once connected, the central manager can deploy connectivity and/or security admin rules to virtual networks across those connected subscriptions or management groups. This support assists organizations that fit the following scenarios:
22
22
23
23
- Acquisitions – In instances where organizations merge through acquisition and have multiple tenants, cross tenant support allows a central network manager to manage virtual networks across the tenants.
24
24
25
-
- Managed service provider – In managed service provider scenarios, an organization may manage the resources of other organizations. Cross-tenant support will allow central management of virtual networks by a central service provider for multiple clients.
25
+
- Managed service provider – In managed service provider scenarios, an organization can manage the resources of other organizations. Cross-tenant support allows central management of virtual networks by a central service provider for multiple clients.
26
26
27
27
## Cross-tenant connection
28
28
@@ -31,12 +31,12 @@ Establishing cross-tenant support begins with creating a cross tenant connection
31
31
- Network manager connection - You create a cross-tenant connection from your network manager. The connection includes the exact scope of the tenant’s subscriptions or management groups to manage in your network manager.
32
32
- Virtual network manager hub connection - the tenant creates a cross-tenant connection from their virtual network manager hub. This connection includes the scope of subscriptions or management groups to be managed by the central network manager.
33
33
34
-
Once both cross-tenant connections exist and the scopes are exactly the same, a true connection is established. Administrators can use their network manager to add cross-tenant resources to their [network groups](concept-network-groups.md) and to manage virtual networks included in the connection scope. Existing connectivity and/or security admin rules will be applied to the resources based on existing configurations.
34
+
Once both cross-tenant connections exist and the scopes are exactly the same, a true connection is established. Administrators can use their network manager to add cross-tenant resources to their [network groups](concept-network-groups.md) and to manage virtual networks included in the connection scope. Existing connectivity and/or security admin rules are applied to the resources based on existing configurations.
35
35
36
-
A cross-tenant connection can only be established and maintained when both objects from each party exist. When one of the connections is removed, the cross-tenant connection is broken. If you need to delete a cross-tenant connection, you'll perform the following:
36
+
A cross-tenant connection can only be established and maintained when both objects from each party exist. When one of the connections is removed, the cross-tenant connection is broken. If you need to delete a cross-tenant connection, you perform the following:
37
37
38
-
- Remove cross-tenant connection from the network manager side via Cross-tenant connections blade.
39
-
- Remove cross-tenant connection from the tenant side via Virtual network manager hub's Cross-tenant connections blade.
38
+
- Remove cross-tenant connection from the network manager side via Cross-tenant connections settings in the Azure portal.
39
+
- Remove cross-tenant connection from the tenant side via Virtual network manager hub's Cross-tenant connections settings in the Azure portal.
40
40
41
41
> [!NOTE]
42
42
> Once a connection is removed from either side, the network manager will no longer be able to view or manage the tenant's resources under that former connection's scope.
@@ -45,8 +45,8 @@ A cross-tenant connection can only be established and maintained when both objec
45
45
The resources required to create the cross-tenant connection contain a state, which represents whether the associated scope has been added to the Network Manager scope. Possible state values include:
46
46
47
47
* Connected: Both the Scope Connection and Network Manager Connection resources exist. The scope has been added to the Network Manager's scope.
48
-
* Pending: One of the two approval resources has not been created. The scope has not yet been added to the Network Manager's scope.
49
-
* Conflict: There is already a network manager with this subscription or management group defined within its scope. Two network managers with the same scope access cannot directly manage the same scope, therefore this subscription/management group cannot be added to the Network Manager scope. To resolve the conflict, remove the scope from the conflicting network manager's scope and recreate the connection resource.
48
+
* Pending: One of the two approval resources hasn't been created. The scope hasn't yet been added to the Network Manager's scope.
49
+
* Conflict: There's already a network manager with this subscription or management group defined within its scope. Two network managers with the same scope access can't directly manage the same scope, therefore this subscription/management group can't be added to the Network Manager scope. To resolve the conflict, remove the scope from the conflicting network manager's scope and recreate the connection resource.
50
50
* Revoked: The scope was at one time added to the Network Manager scope, but the removal of an approval resource has caused it to be revoked.
51
51
52
52
The only state that represents the scope has been added to the Network Manager scope is 'Connected'.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments