[BUG] Cross-tenant operations are not working properly

[mbifeld]

To Reproduce

Be logged into a tenant where the user has cross-tenant access to a subscription on another tenant.

1 Login tenant from remote VNET
az login --tenant "xxxxx"

2 Displays the expected sub for the remote VNET
az account list -o table

3 Context for hub subscription
az account set --subscription "xxx"

4 Connect vnet to hub
az network vhub connection create --resource-group "abc" --name "vnet-name" --vhub-name "xyz" --remote-vnet "/subscriptions/xxxx/resourceGroups/abc/providers/Microsoft.Network/virtualNetworks/test-vnet"

Observed Behavior

(LinkedAuthorizationFailed) The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/xxx/resourceGroups/abc/providers/Microsoft.Network/virtualHubs/xyz/hubVirtualNetworkConnections/vnet-name', however the current tenant 'xxxxx' is not authorized to access linked subscription 'xxxxxx'.
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/xxxxx/resourceGroups/abc/providers/Microsoft.Network/virtualHubs/xyz/hubVirtualNetworkConnections/vnet-name', however the current tenant 'xxxx' is not authorized to access linked subscription 'xxxxx'.

Expected behavior

az network vhub connection create command to run successfully.

Is this specific to Cloud Shell?

Yes. This is working locally. Issue appears in both Cloud Shell bash and powershell.

Interface information

portal.azure.com

Additional context

Add any other context about the problem here.

[mbifeld]

Originally reported by @aldairzamoramsft