Learn Editor: Update enable-agentless-scanning-vms.md

Author: moraviv

articles/defender-for-cloud/enable-agentless-scanning-vms.md

@@ -71,7 +71,9 @@ To manually assign the permissions, follow the below instructions according to y
 - For Key Vaults using non-RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider" (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) these permissions: Key Get, Key Wrap, Key Unwrap.
 - For Key Vaults using RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider” (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) the [Key Vault Crypto Service Encryption User](https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?preserve-view=true&tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations) built-in role.
 
-Learn more on [agentless scanning permissions](faq-permissions#which-permissions-are-used-by-agentless-scanning-)
+To assign these permissions at scale, you can also use [this script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Agentless%20Scanning%20CMK%20support).
+
+Learn more on [agentless scanning permissions](faq-permissions#which-permissions-are-used-by-agentless-scanning-).
 
 ### Agentless vulnerability assessment on AWS