How to simply share an image I made in my Azure compute gallery with another tenant?

Yogev Chaimovich 45 Reputation points
2024-08-27T08:14:22.46+00:00

I'm trying to share an image I made and have in my Azure compute gallery in the simplest way.

1'st, I see I cannot use the direct share even if I don't want to share in "public preview".
I am the owner of this subscription tenant, I have Microsoft.Compute registered.
And Microsoft.Compute/DirectSharedGalleries does not exist.

User's image

After that failed, I saw the app registration way but I thought it seems too complicated. So I went with the RBAC way which says it can also share to different tenants, AFAIU:

User's image

I followed the "Portal" instruction and got to a dead end when I couldn't add an email of a tenant which is outside of my organization. Even though they say it should be possible and I'll get a message "This user will be sent an email that enables them to collaborate with Microsoft"

User's image

When I search for an email which is outside of my organization it just filters out all users and I have no users to choose.

I tried running the CLI commands and got an error

User's image

Cannot find user or service principal in graph database for 'a-user@hotmail.com'. If the assignee is an appId, make sure the corresponding service principal is created with 'az ad sp create --id a-user@hotmail.com'.

This user is not an appId.

I can't understand how to simply share an image with another tenant?

Please help.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,787 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
790 questions
{count} votes

Accepted answer
  1. Srinud 2,235 Reputation points Microsoft Vendor
    2024-08-29T11:33:09.7566667+00:00

    Hi Yogev Chaimovich,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue:

    sharing compute gallery image to another tenant using RBAC.

    Solution:

    By adding --aux-tenants parameter to az deployment group create command.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    Thank you.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.