This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 50%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
We have applications running in US region and Europe region. Both applications have different URLs. We want to sync data of both regions.
We are using service bus topics to store data in middle and pass that data to different region.
I want to confirm if service bus created in US region is accessible by other region in different tenant or not (Europe region), when both applications have different URLs?
Hi Raj, Azure Service Bus supports cross-region federation and message replication. https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-federation-overview
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 80%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Yes it should be possible, there are many authentication options for Service Bus laid out here:
Service Bus defines a set of built-in roles that you can grant to your tenants to access Service Bus entities. For example, with Microsoft Entra authentication, you can grant a tenant access to a specific queue or topic that contains their messages, which isolates it from the other tenants within your application.
For Entra, you follow the guide from the Docs here: For Entra, you follow the guide from the Docs here: https://video2.skills-academy.com/en-us/azure/service-bus-messaging/authenticate-application?WT.mc_id=MVP_319025#register-your-application-with-a-microsoft-entra-tenant
Once setup in the US tenant, your apps in other tenants can use the service principal to authenticate to the Service Bus in that tenant. The guide lays out the steps in more detail.
Additionally, you can also use a Shared Access Signature and grant specific topic/queue access:
Shared access signatures (SAS) give you the ability to grant a tenant access to Service Bus resources with specific rights.
Authenticate to the Service Bus with the SAS: Authenticate to the Service Bus with the SAS: https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-sas?
The above docs also has code examples on how your applications could use the SAS token to authenticate to the Service Bus, which would be in the other tenant and this should work.
If you want to have replicated service bus data to the Europe region instead of plugging into the US, then you can also look into cross-region capabilities, which may be of interest, although will require some work to put in place.
Then you can use the SB resource within a more local region for the Europe application: If you want to have replicated service bus data to the Europe region instead of plugging into the US, then you can also look into cross-region capabilities, which may be of interest, although will require some work to put in place.
Then you can use the SB resource within a more local region for the Europe application:
https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-federation-overview
Hope this helps and solves your question, if it does, feel free to mark as an accepted answer.
Thanks for the response.
I have one more doubt.
Will we be able to access Azure Blob storage also across different tenants?
Yes, similar approaches really. You can use a SAS token for the blob too or Entra.
As your SB is in the US, replicating blob data is more tricky because it's usually geo-replicated to a paired region (of which Europe is not paired with US) so this approach is not viable for you. Therefore, SAS is probably the easiest way for you to do this insetad. You can generate in the portal and get your apps to use the SAS token.
SAS for Blob: SAS for Blob: https://video2.skills-academy.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature?
.NET app example using SAS to authenticate: https://video2.skills-academy.com/en-us/azure/storage/blobs/sas-service-create-dotnet
Or, preferably, Entra authentication to Blob using a a service principal across tenants, although more difficult to setup than SAS:
There are some code library examples here: https://video2.skills-academy.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
Hope this helps.