
[BUG] Cross-tenant operations are not working properly

Open mbifeld opened this issue 5 months ago • 1 comments

To Reproduce

Be logged into a tenant where the user has cross-tenant access to a subscription on another tenant.

1. Login tenant from remote VNET: `az login --tenant "xxxxx"`

2. Displays the expected sub for the remote VNET: `az account list -o table`

3. Context for hub subscription: `az account set --subscription "xxx"`

4. Connect vnet to hub: `az network vhub connection create --resource-group "abc" --name "vnet-name" --vhub-name "xyz" --remote-vnet "/subscriptions/xxxx/resourceGroups/abc/providers/Microsoft.Network/virtualNetworks/test-vnet"`

Observed Behavior


```
(LinkedAuthorizationFailed) The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/xxx/resourceGroups/abc/providers/Microsoft.Network/virtualHubs/xyz/hubVirtualNetworkConnections/vnet-name', however the current tenant 'xxxxx' is not authorized to access linked subscription 'xxxxxx'.
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/xxxxx/resourceGroups/abc/providers/Microsoft.Network/virtualHubs/xyz/hubVirtualNetworkConnections/vnet-name', however the current tenant 'xxxx' is not authorized to access linked subscription 'xxxxx'.
```

Expected behavior

`az network vhub connection create` command to run successfully.

Is this specific to Cloud Shell?

Yes. This is working locally. Issue appears in both Cloud Shell Bash and PowerShell.

Interface information

portal.azure.com

Additional context

Add any other context about the problem here.

mbifeld, Sep 06 '24 23:09