@Diederik Janson Welcome to Microsoft Q&A Forum, Thank you for posting your here!
Yes, it is possible to grant access to a private endpoint of an Azure Files storage account to another tenant.
To do this, you will need to create a Private Endpoint connection for the storage account in the Azure portal. Once the Private Endpoint connection is created, you can grant access to the other tenant by creating a Private Link Service in your Azure subscription and then sharing the Private Endpoint with the other tenant.
Here are the high-level steps you can follow to accomplish this:
- Create a Private Endpoint connection for your Azure Files storage account using the Azure portal. This will create a private IP address for the storage account that can be accessed only from within your virtual network.
- Create a Private Link Service in your Azure subscription that represents the Azure Files storage account.
- Share the Private Endpoint connection with the other tenant by providing them with the Private Link Service endpoint and authorization key.
Once the other tenant has access to the Private Endpoint connection, they can connect to the Azure Files storage account over the private Azure network without reaching the internet. This provides a more secure and cost-effective way to migrate your data.
Grant access from a virtual network
You can configure storage accounts to allow access only from specific subnets. The allowed subnets can belong to a virtual network in the same subscription or a different subscription, including those that belong to a different Azure AD tenant.
Configure Azure Storage firewalls and virtual networks
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.