Ok, i'm at my witts ends here and about to go postal.

Deployed vmx, everything so far came up (used CSP template)

it created 2 new RG's for me, unsure wth those are for.

existing, meraki, merakisfsjdkj32423423423 

meraki holds the managed app, the meraki234234223 holds all else. Everything in same region.

I need to peer my meraki subnet to my existing deployment subnet as it uses the vnetgateway etc, so i go into a vnet and start a peering and i get a permission error. basically stating the managed app will not allow it because of deny statement. But i cant modify that deny statement from what i see, so how the heck do i setup peering?? Meraki support 'we dont support anything not on our basic guide'

Failed to add virtual network peering 'servers-to-meraki' to '/subscriptions/xxxxxx-8334-4cd8-9837-ee244731dd5a/resourceGroups/RG-NWT/providers/Microsoft.Network/virtualNetworks/VirtNet10-10-0-0'. Error: The client 'user@domain.onmicrosoft.com' with object id 'xxxxxx-ca3b-46be-8ec8-8c0873a88946' has permission to perform action 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' on scope 'RG-NWT/providers/Microsoft.Network/virtualNetworks/VirtNet10-10-0-0/virtualNetworkPeerings/servers-to-meraki'>VirtNet10-10-0-0/servers-to-meraki'; however, it does not have permission to perform action 'peer/action' on the '0' linked scope(s) '' or the linked scope(s) are invalid and is blocked by deny assignments on the '1' linked scope(s) '/subscriptions/xxxxxxx-8334-4cd8-9837-ee244731dd5a/resourceGroups/RG-NWT-MERAKIppbqaaevoy7lu/providers/Microsoft.Network/virtualNetworks/vmx-vnet'.