Merge pull request #296397 from terencefan/tefa/update-signalr-msi-doc

prmerger-automator[bot] · web-flow · commit ca13edfaabc4 · 2025-03-16T17:52:36.000Z
Update SignalR MSI doc to add cross tenant notes
diff --git a/articles/azure-signalr/howto-use-managed-identity.md b/articles/azure-signalr/howto-use-managed-identity.md
@@ -80,6 +80,13 @@ After you add a [system-assigned identity](#add-a-system-assigned-identity) or [
 1. In the managed identity authentication settings, for **Audience in the issued token**, you can specify the target **resource**. The **resource** will become an `aud` claim in the obtained access token, which can be used as a part of validation in your upstream endpoints. The resource can be in one of the following formats:
 
    - Application (client) ID of the service principal.
+
+     When using Application (client) ID, the application has to be in the same tenant that the Azure SignalR resource is in. If your application is in a different tenant, please follow these steps:
+     1. [Convert single-tenant app to multitenant on Microsoft Entra ID](/entra/identity-platform/single-and-multi-tenant-apps) to convert your application to a multitenant application.
+     2. [Create an enterprise application from a multitenant application in Microsoft Entra ID](/entra/identity/enterprise-apps/create-service-principal-cross-tenant?pivots=admin-consent-url) to provision your application in the current tenant.
+     
+     Then you'll be able to find the enterprise application by clicking the "Or select from existing applications".
+   
    - Application ID URI of the service principal.
 
    > [!IMPORTANT]
