Stay organized with collections
Save and categorize content based on your preferences.
The following document describe how to modify the Azure connector configuration
after it has been configured for the first time. If you encounter errors, see
the Troubleshooting section.
You can change the location and subscriptions collected by the connector
and the user-assigned managed identity. The following fields cannot be modified:
Azure tenant ID
Service agent ID
To change the values of these fields, you must delete the Azure connector
and set up a new connection.
Select the organization where you activated Security Command Center Enterprise.
In the Connectors table > Azure row, click
more_vert
**More options >Edit.
On the Configure connector page, you can change the following
configuration:
Azure subscriptions
Azure locations
Grant permissions for Sensitive Data Protection
discovery
Click Continue
On the Connect to Azure page, you can change the following configuration:
Managed identity client ID
Managed identity object ID
Click Continue, .
In the Test connector page, click Test Connector to verify
that Security Command Center can connect to the Microsoft Azure environment.
If the connection is successful, the Google Cloud service agent assumes
the Microsoft Azure user-assigned managed identity and has the required
Microsoft Azure and Microsoft Entra permissions. If the connection isn't successful, see
Troubleshooting errors when testing the connection.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Modify the connector for Azure\n\n| Enterprise [service tier](/security-command-center/docs/service-tiers)\n\n\u003cbr /\u003e\n\nThe following document describe how to modify the Azure connector configuration\nafter it has been configured for the first time. If you encounter errors, see\nthe [Troubleshooting](/security-command-center/docs/connect-scc-to-azure#troubleshooting-connection) section.\n\nBefore you begin\n----------------\n\nMake sure you have the permissions described in\n[Connect to Azure for configuration and resource data collection](/security-command-center/docs/connect-scc-to-azure#before-begin).\n\n### Edit the Azure connector\n\nYou can change the location and subscriptions collected by the connector\nand the user-assigned managed identity. The following fields cannot be modified:\n\n- **Azure tenant ID**\n- **Service agent ID**\n\nTo change the values of these fields, you must delete the Azure connector\nand set up a new connection.\n\n1. Open the **Connectors** tab on the **Settings** page.\n\n [Go to Connectors](https://console.cloud.google.com/security/command-center/config/connectors)\n2. Select the organization where you activated Security Command Center Enterprise.\n\n3. In the **Connectors** table \\\u003e **Azure** row, click\n more_vert\n \\*\\*More options \\\u003e **Edit**.\n\n4. On the **Configure connector** page, you can change the following\n configuration:\n\n - **Azure subscriptions**\n - **Azure locations**\n - **Grant permissions for Sensitive Data Protection\n discovery**\n5. Click **Continue**\n\n6. On the **Connect to Azure** page, you can change the following configuration:\n\n - **Managed identity client ID**\n - **Managed identity object ID**\n7. Click **Continue**, .\n\n8. In the **Test connector** page, click **Test Connector** to verify\n that Security Command Center can connect to the Microsoft Azure environment.\n\n If the connection is successful, the Google Cloud service agent assumes\n the Microsoft Azure user-assigned managed identity and has the required\n Microsoft Azure and Microsoft Entra permissions. If the connection isn't successful, see\n [Troubleshooting errors when testing the connection](/security-command-center/docs/connect-scc-to-azure#troubleshooting-connection).\n9. Click **Save** . The **Connectors** page appears.\n\n### Delete the Azure connector\n\n1. Open the **Connectors** tab on the **Settings** page.\n\n [Go to Connectors](https://console.cloud.google.com/security/command-center/config/connectors)\n2. Select the organization where you activated Security Command Center Enterprise.\n\n3. In the **Connectors** table \\\u003e **Azure** row, click\n more_vert\n **More options \\\u003e Delete**."]]
