Azure Data Explorer / Data Connection from IOT hub in different tenant

Question

We're migrating between Azure tenants and have come across some infrastructure connectivity niggles I'd like help with.

In the old tenant we have an IOT hub which our external devices report telemetry through.

In the new Azure tenant we have a TSI Gen2 instance. This is subscribed to events from the old tenant using a manually generated event source which includes a sharedAccessKey as per docs here. This isn't great security but does allow events to pass between the subscriptions.

We are trying to do the same thing with an Azure Data Explorer Data Connection however as per the Kusto docs here, it doesn't appear to be possible to manually specify a SAS key. I'd prefer to connect using a managed identity which it does support however but that only appears to work within the same tenant.

Any suggestions on getting data into ADX from an IOT hub in a different tenant?

Answer 1

We have a solution that should be good enough for our use case.

If you ask it nicely (via Arm or the CLI), an IOT hub can route to event hubs using a target connection string including a shared access key that works cross tenant. So our old IOT hub can send messages to a new event hub and ADX can ingest via a data connection to that.

Thanks to @Sander van de Velde | MVP for encouraging me to delve deeper.