The following document describe how to modify the Azure connector configuration after it has been configured for the first time. If you encounter errors, see the Troubleshooting section.
Before you begin
Make sure you have the permissions described in Connect to Azure for configuration and resource data collection.
Edit the Azure connector
You can change the location and subscriptions collected by the connector and the user-assigned managed identity. The following fields cannot be modified:
- Azure tenant ID
- Service agent ID
To change the values of these fields, you must delete the Azure connector and set up a new connection.
Open the Connectors tab on the Settings page.
Select the organization where you activated Security Command Center Enterprise.
In the Connectors table > Azure row, click more_vert **More options > Edit.
On the Configure connector page, you can change the following configuration:
- Azure subscriptions
- Azure locations
- Grant permissions for Sensitive Data Protection discovery
Click Continue
On the Connect to Azure page, you can change the following configuration:
- Managed identity client ID
- Managed identity object ID
Click Continue, .
In the Test connector page, click Test Connector to verify that Security Command Center can connect to the Microsoft Azure environment.
If the connection is successful, the Google Cloud service agent assumes the Microsoft Azure user-assigned managed identity and has the required Microsoft Azure and Microsoft Entra permissions. If the connection isn't successful, see Troubleshooting errors when testing the connection.
Click Save. The Connectors page appears.
Delete the Azure connector
Open the Connectors tab on the Settings page.
Select the organization where you activated Security Command Center Enterprise.
In the Connectors table > Azure row, click more_vert More options > Delete.