Update articles/defender-for-cloud/enable-agentless-scanning-vms.md

moraviv · dcurwin · web-flow · commit 81375508204a · 2024-03-20T22:25:21.000+02:00
Co-authored-by: David Curwin &lt;david.curwin@microsoft.com&gt;
diff --git a/articles/defender-for-cloud/enable-agentless-scanning-vms.md b/articles/defender-for-cloud/enable-agentless-scanning-vms.md
@@ -69,7 +69,7 @@ For agentless scanning to cover Azure VMs with CMK encrypted disks, you need to
 
 To manually assign the permissions, follow the below instructions according to your Key Vault type:
 - For Key Vaults using non-RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider" (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) these permissions: Key Get, Key Wrap, Key Unwrap.
-- For Key Vaults using RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider” (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) the [Key Vault Crypto Service Encryption User](https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?preserve-view=true&tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations) built-in role.
+- For Key Vaults using RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider” (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) the [Key Vault Crypto Service Encryption User](/azure/key-vault/general/rbac-guide?preserve-view=true&tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations) built-in role.
 
 To assign these permissions at scale, you can also use [this script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Agentless%20Scanning%20CMK%20support).
 
