Simplify Network Peering across Tenants
When you need to peer networks across tenants, you need to create a user in each tenant, and then add them as guests to the other tenants. You also need to ensure that the guest users have the appropriate access. This doesn't meet the need-to-know and least-privilege requirements, especially if you don't fully trust the other party. This also makes it incredibly difficult to automate due to the dependency on user accounts.
Simplify the peering process by allowing both parties to share keys and network IDs in order to peer. Allow service principals to create the peers and only connect them if the keys match. Also allow for the key to be revoked.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
VNet peering across different subscriptions with different ADs can be more dynamic. Let's say VNet1 in subscription1 needs to peer with VNet2 in subscription2. VNet1 sends a request to VNet2, VNet2 accepts the request, then the VNet1->VNet2 connection is established. And vice versa, so that two connections are established without AD preconfiguration.
Edward Liu commented
I am interested in how this can be done in a more automated fashion and am wondering if this can be done already.