How to subscribe to events from an Event Hub running in a different Azure tenant/directory
I am looking to subscribe to events from an Azure Event Hub that is in a different tenant owned by a third party. Can someone advise the options available?
Azure Event Hubs
-
Bruce (SqlWork.com) 61,101 Reputation points
2023-11-22T20:51:50.5766667+00:00 Your third party should give you the required authentication requirements. They control access to the hub.
-
KranthiPakala-MSFT 46,437 Reputation points • Microsoft Employee
2023-11-22T21:42:19.9366667+00:00 @Venkat Varanasi Welcome to Microsoft Q&A forum and thanks for reaching out here.
If you need to subscribe to events from an Azure Event Hub that is owned by a third party in a different tenant, you can utilize Shared Access Signature for authentication/authorization, which gives you the ability to grant a tenant access to Event Hubs resources with specific rights. Your third-party vendor should provide you the SAS with necessary rights which you can use to access the event hubs.
For more information about this feature please refer to this document: Multitenancy & Azure EventHubs - Shared Access Signature
Hope this info helps.
Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.
-
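An added example (not part of the thread and not Microsoft's or the partner's code) of the SAS hand-off described in the answer above: the partner signs a short-lived token scoped to a single event hub, and the consumer reviews its scope and lifetime before using it. The namespace, hub name, policy name and key are constructed values; the token layout (`sr`, `sig`, `se`, `skn`) follows the documented Event Hubs SAS format.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, quote_plus

def mint_sas_token(resource_uri, policy_name, policy_key, ttl_seconds, now=None):
    """Partner side: sign a token for one resource with a shared access policy key.
    The rights (e.g. Listen) come from the policy, not from the token."""
    now = time.time() if now is None else now
    expiry = str(int(now + ttl_seconds))
    encoded_uri = quote_plus(resource_uri)
    to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(policy_key.encode("utf-8"), to_sign, hashlib.sha256).digest()
    signature = quote(base64.b64encode(digest), safe="")
    return (f"SharedAccessSignature sr={encoded_uri}&sig={signature}"
            f"&se={expiry}&skn={policy_name}")

def review_sas_token(token, expected_uri, max_ttl_seconds, now=None):
    """Consumer side: list problems with a received token's scope and lifetime."""
    now = time.time() if now is None else now
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return ["not a SharedAccessSignature token"]
    fields = {k: v[0] for k, v in parse_qs(token[len(prefix):]).items()}
    missing = [k for k in ("sr", "sig", "se", "skn") if k not in fields]
    if missing:
        return [f"missing field: {k}" for k in missing]
    problems = []
    if fields["sr"].rstrip("/").lower() != expected_uri.rstrip("/").lower():
        problems.append(f"scope is {fields['sr']}, expected {expected_uri}")
    remaining = int(fields["se"]) - now
    if remaining <= 0:
        problems.append("token has expired")
    elif remaining > max_ttl_seconds:
        problems.append(f"lifetime {int(remaining)}s exceeds {max_ttl_seconds}s")
    return problems

# Constructed sample values (not real resources or keys).
HUB_URI = "https://partner-ns.servicebus.windows.net/orders"
NAMESPACE_URI = "https://partner-ns.servicebus.windows.net"
KEY = "constructed-not-a-real-key"

if __name__ == "__main__":
    good = mint_sas_token(HUB_URI, "listen-only", KEY, ttl_seconds=900)
    broad = mint_sas_token(NAMESPACE_URI, "RootManageSharedAccessKey", KEY, 30 * 86400)
    print(review_sas_token(good, HUB_URI, max_ttl_seconds=3600))   # no findings
    print(review_sas_token(broad, HUB_URI, max_ttl_seconds=3600))  # scope and lifetime
```

The review step only reads the token's claims; the signature itself can be checked only by the service, which holds the policy key.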
Venkat Varanasi 0 Reputation points
2023-11-22T22:56:34.5666667+00:00 @KranthiPakala-MSFT Thanks for the response. My question is how do we configure an Event Hub owned by a third party to securely publish events to an endpoint running in my account (Function App/Service Bus etc.)
-
KranthiPakala-MSFT 46,437 Reputation points • Microsoft Employee
2023-11-28T01:09:52.56+00:00 @Venkat Varanasi If your requirement is to use a function app, then you can suggest that your partner send events to an Azure Data Lake Storage account using the Capture events through Azure Event Hubs feature, and then provide a SAS that has access to that storage container/location. You can use that SAS to authenticate from your Function app and receive the events as needed.
-
Venkat Varanasi 0 Reputation points
2023-11-28T09:21:00.2+00:00 @KranthiPakala-MSFT as per our security standards, we cannot allow public access to storage account so the partner's Event Hub cannot reach our storage account.
-
KranthiPakala-MSFT 46,437 Reputation points • Microsoft Employee
2023-11-28T21:36:36.3+00:00 @Venkat Varanasi Thanks for getting back. I mean to say your partner has to use Capture Events through Azure Event Hubs feature and capture the data in their own storage account and they need to grant that storage access (SAS) to your tenant. Using that authentication, you will be able to access the data.
Please note, Capture Event hubs feature has below limitation hence, your partner has to capture the event hubs to their storage account and from there you should be able to consume the data.
If you have concerns about security restrictions from your organization, I recommend filing a support ticket for detailed understanding of your scenario and our support engineers and product team would be able to help guide you accordingly.
Thank you
-
Venkat Varanasi 0 Reputation points
2023-11-29T12:10:49.6833333+00:00 KranthiPakala-MSFT - Thanks for the suggestion. I would like to subscribe to events rather than reading the events data from the storage account as it adds latency. I see that Event Hub supports events subscription through hybrid connections as well. Is it something that can be used? If so, please advise how to set up a hybrid connection to subscribe to events from the partner's event hub.
-
KranthiPakala-MSFT 46,437 Reputation points • Microsoft Employee
2023-12-07T16:52:46.8466667+00:00 @Venkat Varanasi As per my discussion with the Event Hub product team, we don't have such a feature (Hybrid connection) out of the box. Are you referring to some other service that wraps EH?
-
Venkat Varanasi 0 Reputation points
2023-12-08T10:24:18.2133333+00:00 @KranthiPakala-MSFT I can see the Hybrid connection option while creating event subscription.
-
KranthiPakala-MSFT 46,437 Reputation points • Microsoft Employee
2023-12-13T23:05:50.04+00:00 @Venkat Varanasi I see what you are referring to. This is related to Event Grid. Thanks for clarifying.
You can use Azure Relay Hybrid Connections to send events to applications that are within an enterprise network and don't have a publicly accessible endpoint. In your case I believe your partner is totally in a different enterprise network and this won't suffice your need.
Is your requirement using Event hubs or Event Grid?