Cannot share Azure VM image in Azure Gallery by RBAC

Question

Cannot share Azure VM image in Azure Gallery by RBAC between different Tenants

Answer 1

Hello Mark Danilovich,

Wellcome to Q&A, sharing Azure VM images between tenants is doable with an Azure Compute Gallery, though it can be a bit of a complicated procedure.

• You can share gallery resources using Azure's Role-Based Access Control (RBAC). This allows sharing with users, groups, or service principals—even if they're in another tenant.
• To make this work across tenants, the recipient needs your tenant ID for login and access verification.
• Azure's "Direct Shared Gallery" feature (currently in preview) simplifies sharing between subscriptions or tenants but provides read-only access only.
• Limitations: Keep in mind that encrypted images can't be shared, you can’t query shared images directly, and updating group-based sharing settings isn't supported.

To troubleshoot further, could you share a bit more detail about your issue? For example:

• Are you seeing any error messages?
• Is the problem with RBAC role assignment or "Direct Shared Gallery" setup?

References:

• https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=vmsource%2Cazure-cli
• https://learn.microsoft.com/en-us/azure/virtual-machines/share-gallery
• https://learn.microsoft.com/en-us/azure/virtual-machines/share-gallery-direct

If the information helped address your question, please Accept the answer.

Luis