Hi @Raja Mohamed Masthan Syed Ahamed
Thanks for the question and for using the MS Q&A platform.
To create a cross-tenant data connection between Azure Event Hubs and Azure Data Explorer (ADX) using Service Principal (SPN) authentication, you will need to follow these steps:
- Create a Service Principal in the Event Hub Tenant - Log in to the Azure portal of the Event Hub tenant. Navigate to Azure Active Directory > App registrations. Click on New registration and fill in the required details. After registration, note down the Application (client) ID and Directory (tenant) ID.
- Create a Client Secret - In the registered application, go to Certificates & secrets. Click on New client secret, provide a description, and set an expiration period. Copy the generated secret value for later use.
- Assign Role to the Service Principal - Go to the Event Hub resource in the Azure portal. Navigate to Access control (IAM). Click on Add role assignment, select the role Azure Event Hubs Data Receiver, and assign it to the Service Principal you created.
- Configure Azure Data Explorer (ADX) to Use SPN Authentication - In the Azure portal of the ADX tenant, navigate to your Azure Data Explorer cluster. Go to Data connections and select Add data connection. Choose Event Hubs as the data source. Select Service Principal as the authentication method and enter the Application (client) ID, Directory (tenant) ID, and the client secret.
- Set Up Ingestion Properties - Define the ingestion properties to specify how data should be routed from Event Hub to ADX. Ensure that the Database and Table properties are set correctly in the ingestion mapping.
- Test the Connection - After setting up the connection, test it to ensure that ADX can successfully connect to the Event Hub using the SPN. Monitor the ingestion metrics in ADX to verify that data is being ingested as expected.
- Handle Permissions and Security - Ensure that the Service Principal has the necessary permissions in both tenants. Regularly review and manage the permissions to maintain security.
By following these steps, you should be able to establish a successful cross-tenant data connection between Azure Event Hub and Azure Data Explorer using Service Principal authentication.
For more details, refer to this documentation: https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-cross-tenant
Hope this helps. Do let us know if you have any further queries.
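For the permission review in the last step, a small audit over exported role assignments and client secrets can flag drift. This is an added example, not part of the original answer: the resource IDs, key IDs and the 30/365-day thresholds are constructed assumptions, and the inputs use the field names found in `az role assignment list` and `az ad app credential list` JSON output.

```python
from datetime import datetime, timedelta, timezone

EXPECTED_ROLE = "Azure Event Hubs Data Receiver"  # role named in the answer
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder
NAMESPACE_ID = SUB + "/resourceGroups/rg-example/providers/Microsoft.EventHub/namespaces/ns-example"

# Constructed samples; every value below is made up for illustration.
ASSIGNMENTS = [
    {"roleDefinitionName": EXPECTED_ROLE, "scope": NAMESPACE_ID + "/eventhubs/telemetry"},
    {"roleDefinitionName": "Azure Event Hubs Data Owner", "scope": NAMESPACE_ID},
    {"roleDefinitionName": EXPECTED_ROLE, "scope": SUB},
]
SECRETS = [
    {"keyId": "k1", "endDateTime": "2025-01-15T00:00:00Z"},
    {"keyId": "k2", "endDateTime": "2024-12-01T00:00:00Z"},
    {"keyId": "k3", "endDateTime": "2027-01-01T00:00:00Z"},
    {"keyId": "k4", "endDateTime": "2025-06-01T00:00:00Z"},
]

def in_scope(scope, root):
    """True if scope is the root resource or a child of it (IDs are case-insensitive)."""
    s, r = scope.lower().rstrip("/"), root.lower().rstrip("/")
    return s == r or s.startswith(r + "/")

def audit_assignments(assignments, root=NAMESPACE_ID):
    """Flag roles other than the receiver role and grants above the namespace."""
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role != EXPECTED_ROLE:
            findings.append(f"unexpected role '{role}' at {scope}")
        elif not in_scope(scope, root):
            findings.append(f"'{role}' granted above the namespace: {scope}")
    return findings

def audit_secrets(secrets, now, warn_days=30, max_days=365):
    """Flag expired, soon-to-expire and overly long-lived client secrets."""
    findings = []
    for s in secrets:
        left = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00")) - now
        if left <= timedelta(0):
            findings.append(f"{s['keyId']}: expired")
        elif left <= timedelta(days=warn_days):
            findings.append(f"{s['keyId']}: expires within {warn_days} days")
        elif left > timedelta(days=max_days):
            findings.append(f"{s['keyId']}: more than {max_days} days remaining")
    return findings

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for f in audit_assignments(ASSIGNMENTS) + audit_secrets(SECRETS, now):
        print("FINDING:", f)
```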