Hi @IT Germany , you can use Azure Lighthouse to manage your customers' Azure resources from your own tenant.
With Azure Lighthouse, you can manage resources across multiple tenants from a single place. You can delegate permissions to your customers to manage their own resources, while still maintaining control over the overall environment. You can also use Azure Lighthouse to manage access to resources across multiple tenants, including Azure AD, Azure Virtual Machines, and Azure Kubernetes Service.
Regarding the VLANs, you can use Azure Virtual Network to create separate virtual networks for each customer, and then connect them to your central tenant using VPN or ExpressRoute. This will allow you to isolate each customer's traffic and provide them with their own firewall.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James