Hello Gerald Prendi,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you need more clarity and guidance on how to set up cross-tenant configuration of Azure Storage service endpoints for Azure Key Vault across Entra tenants.
Yes, it is possible to set up virtual network service endpoints and virtual network ACLs across different Microsoft Azure tenants, specifically for Azure Storage and Azure Key Vault, but for other services that are not mentioned in the FAQ, cross-tenant virtual network service endpoints and ACLs are not supported. https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-cross-tenant-new-account
Secondly, the Private Link Service concept is different from cross-tenant configuration. It allows you to access services privately over a private IP address within a virtual network and enhances security by keeping traffic within a virtual network, but it doesn't necessarily involve multiple tenants, nor does it directly address cross-tenant scenarios. https://docs.microsoft.com/en-us/azure/private-link/private-link-overview and https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview
Lastly, for more documentation and guides, kindly use the links below:
- https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/storage/common/customer-managed-keys-configure-cross-tenant-existing-account.md
- https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-cross-tenant-customer-managed-keys
- https://www.yalos-solutions.com/key-vault.html
- https://docs.microsoft.com/en-us/azure/active-directory/external/cross-tenant-access
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
**Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam