Update different tenants

Author: cherylmc

articles/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell.md

@@ -5,7 +5,7 @@ titleSuffix: Azure VPN Gateway
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 12/02/2024
+ms.date: 03/25/2025
 ms.author: cherylmc 
 ms.custom: devx-track-azurepowershell
 
@@ -30,6 +30,8 @@ Verify that your environment meets the following criteria before beginning confi
   * Make sure you have a compatible VPN device and someone who can configure it. For more information about compatible VPN devices and device configuration, see [About VPN devices](vpn-gateway-about-vpn-devices.md).
   * Determine if your VPN device supports active-active mode gateways. This article creates an active-active mode VPN gateway, which is recommended for highly available connectivity. Active-active mode specifies that both gateway VM instances are active. This mode requires two public IP addresses, one for each gateway VM instance. You configure your VPN device to connect to the IP address for each gateway VM instance.<br>If your VPN device doesn't support this mode, don't enable this mode for your gateway. For more information, see [Design highly available connectivity for cross-premises and VNet-to-VNet connections](vpn-gateway-highlyavailable.md) and [About active-active mode VPN gateways](about-active-active-gateways.md).
 
+* If your virtual network gateway and local network gateway reside in different subscriptions and different tenants, you'll need to use slightly different steps. Review the [Connections with different tenants and different subscriptions](#tenants).
+
 ### Azure PowerShell
 
 [!INCLUDE [powershell](../../includes/vpn-gateway-cloud-shell-powershell-about.md)]
@@ -91,6 +93,26 @@ The shared key must match the value you used for your VPN device configuration.
    -ConnectionType IPsec -SharedKey 'abc123'
    ```
 
+## <a name="tenants"></a>Connections with different tenants and different subscriptions
+
+When the virtual network gateway and the local network gateway reside in different subscriptions and in different tenants, the connection commands need to be specified differently than in the previous section.
+
+For the LocalNetworkGateway that resides in Tenant2, Subscription 2, use the following commands. Adjust any variables to match your environment.
+
+```azurepowershell-interactive
+Connect-AzAccount -TenantID $Tenant2
+Select-AzSubscription -SubscriptionId $subscription2
+$local = Get-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1
+```
+
+For the VirtualNetworkGateway that resides in Tenant2, Subscription2, use the following commands. Adjust any variables to match your environment.
+
+```azurepowershell-interactive
+Select-AzSubscription -SubscriptionId $subscription2
+$gateway1 = Get-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1
+New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1 -Location 'East US' -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -SharedKey 'abc123'
+```
+
 ## <a name="toverify"></a>Verify the VPN connection
 
 There are a few different ways to verify your VPN connection.