If ADF is in Tenant A and the Kusto cluster is in Tenant B, what auth could help me in this scenario?
You need to use service principal authentication.
The service principal should be in the same tenant as the Kusto and must have access on it.
Managed identity won't work as they are different tenants.
Hi Ash,
Greetings for the day!
Thank you, Nandan Hegde, for answering. I would like to add a few more details to your point.
Based on your statement, you're trying to figure out whether you can use Azure Data Factory (ADF) in one tenant to connect to a Kusto (Azure Data Explorer) cluster in another tenant.
Here's how you can set it up:
Hope this helps. If you have any further questions, please just let us know.
Thanks!
Kalyani
Hello Ash,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to know if Cross Tenant support is available between ADF and Kusto.
For more details:
To establish secure cross-tenant access in Azure, it is recommended to avoid using Managed Identity since it is not supported across tenants, and instead rely on a Service Principal with RBAC for controlled access. Begin by registering an application in Tenant A’s Azure AD, ensuring it is set as multi-tenant if required, and note the Client ID, Tenant ID, and Client Secret - App registration guide.
Next, create an Enterprise Application in Tenant B using the Client ID, which automatically provisions a service principal - Enterprise app setup. Assign the service principal appropriate RBAC roles such as Storage Blob Data Contributor to enable data operations - RBAC roles reference.
In Azure Data Factory (ADF) of Tenant A, configure a linked service using Service Principal authentication, specifying the Tenant B ID - ADF linked service config.
To enhance security, use Azure Private Link by creating a private endpoint for Blob Storage in Tenant B, configure DNS resolution, firewall rules, and enable connectivity through VNet peering or VPN - Private Endpoint tutorial, DNS guide.
For scenarios involving Key Vault in Tenant B, set up a multitenant app registration in Tenant A, obtain consent from Tenant B, and assign the Key Vault Secrets User role to securely access secrets - Cross-tenant Key Vault guide, Multitenant Key Vault architecture. Finally, ensure all configurations are well-documented to support auditing and troubleshooting.
I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.
Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
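
The setup discussed in this thread, as an added example that is not part of any answer above: a constructed ADF linked service for the Kusto cluster using service principal authentication, plus a small check for the cross-tenant mistakes the answers warn about. All values are placeholders, the function name is hypothetical, and the inline-secret check is a hardening assumption added here.

```python
import json

# Constructed example with placeholder values; property names follow ADF's
# AzureDataExplorer linked service schema.
LINKED_SERVICE = json.loads("""
{
  "name": "KustoTenantB",
  "properties": {
    "type": "AzureDataExplorer",
    "typeProperties": {
      "endpoint": "https://<cluster>.<region>.kusto.windows.net",
      "database": "<database>",
      "tenant": "<tenant-b-id>",
      "servicePrincipalId": "<client-id>",
      "servicePrincipalKey": {
        "type": "AzureKeyVaultSecret",
        "store": {"referenceName": "<key-vault-linked-service>", "type": "LinkedServiceReference"},
        "secretName": "<secret-name>"
      }
    }
  }
}
""")


def check_cross_tenant(linked_service, adf_tenant_id):
    """Return a list of findings for a cross-tenant ADF -> Kusto linked service."""
    props = linked_service.get("properties", {})
    tp = props.get("typeProperties", {})
    if props.get("type") != "AzureDataExplorer":
        return ["not an AzureDataExplorer linked service"]
    findings = []
    if not tp.get("servicePrincipalId"):
        # Assumption: with no service principal set, ADF falls back to its managed identity.
        findings.append("no servicePrincipalId: managed identity will not work across tenants")
    tenant = tp.get("tenant")
    if not tenant:
        findings.append("tenant is missing: set it to the Kusto cluster's tenant")
    elif tenant.lower() == adf_tenant_id.lower():
        findings.append("tenant is the ADF tenant: it must be the Kusto cluster's tenant")
    key = tp.get("servicePrincipalKey")
    if isinstance(key, dict) and key.get("type") == "SecureString":
        findings.append("servicePrincipalKey is inline: reference it from Key Vault instead")
    return findings


if __name__ == "__main__":
    print(check_cross_tenant(LINKED_SERVICE, "<tenant-a-id>") or "no findings")
```
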