diff --git a/docs/management/admin/response-actions-config.asciidoc b/docs/management/admin/response-actions-config.asciidoc index a031b38017..e2e2d559dd 100644 --- a/docs/management/admin/response-actions-config.asciidoc +++ b/docs/management/admin/response-actions-config.asciidoc 
@@ -86,11 +86,14 @@ This gives you visibility into CrowdStrike without needing to leave {elastic-sec // NOTE TO CONTRIBUTORS: These sections have very similar content. If you change anything // in this section, apply the change to the other sections, too. -. **Create API access information in Microsoft Azure.** Create two new applications in your Azure domain and grant them the following minimum API permissions: +. **Create API access information in Microsoft Azure.** Create new applications in your Azure domain and grant them the following minimum API permissions: + -- -- Microsoft Defender for Endpoint Fleet integration policy: Permission to read alert data (`Windows Defender ATP: Alert.Read.All`). -- Microsoft Defender for Endpoint connector: Permission to read machine information as well as isolate and release a machine (`Windows Defender ATP: Machine.Isolate and Machine.Read.All`). +- To isolate and release hosts: + * Microsoft Defender for Endpoint Fleet integration policy: Permission to read alert data (`Windows Defender ATP: Alert.Read.All`). + * Microsoft Defender for Endpoint connector: Permission to read machine information as well as isolate and release a machine (`Windows Defender ATP: Machine.Read.All` and `Machine.Isolate`). +- To run a script on a host: + * Microsoft Defender for Endpoint connector: Permission to manage live response library files as well as run live response on a specific machine (`Windows Defender ATP: Library.Manage` and `Machine.LiveResponse`) -- + Refer to the {integrations-docs}/microsoft_defender_endpoint[Microsoft Defender for Endpoint integration documentation] or https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-webapp[Microsoft's documentation] for details on creating a new Azure application. diff --git a/docs/management/admin/response-actions.asciidoc b/docs/management/admin/response-actions.asciidoc index c41edb13ca..bf91322406 100644 --- a/docs/management/admin/response-actions.asciidoc 
+++ b/docs/management/admin/response-actions.asciidoc @@ -198,9 +198,13 @@ NOTE: Scanning can take longer for directories containing a lot of files. [[runscript]] === `runscript` -NOTE: This response action is supported only for <>. +Run a script on a host. -Run a script on a host. You must include one of the following parameters to identify the script you want to run: +[discrete] +[[runscript-crwd]] +==== CrowdStrike + +For CrowdStrike, you must include one of the following parameters to identify the script you want to run: * `--Raw`: The full script content provided directly as a string. * `--CloudFile`: The name of the script stored in a cloud storage location. @@ -221,6 +225,25 @@ Examples: `runscript --HostPath="C:\temp\LocalScript.ps1" --CommandLine="-Verbose true"` +[discrete] +[[runscript-mde]] +==== Microsoft Defender for Endpoint + +For Microsoft Defender for Endpoint, you must include the following parameter to identify the script you want to run: + +* `--ScriptName`: The name of the script stored in a cloud storage location. Select from a list of saved custom scripts. + +You can also use this optional parameter: + +* `--Args`: Additional command-line arguments passed to the script to customize its execution. ++ +NOTE: The response console does not support double-dash (`--`) syntax within the `--Args` parameter. + +Required privilege: **Execute Operations** + +Example: `runscript --ScriptName="Script2.sh" --Args="-Verbose true"` + + [discrete] [[supporting-commands-parameters]] == Supporting commands and parameters diff --git a/docs/management/admin/third-party-actions.asciidoc b/docs/management/admin/third-party-actions.asciidoc index 912d932d28..f39dcbc772 100644 --- a/docs/management/admin/third-party-actions.asciidoc +++ b/docs/management/admin/third-party-actions.asciidoc 
@@ -33,7 +33,7 @@ These response actions are supported for CrowdStrike-enrolled hosts: + Refer to the instructions on <> and <> hosts for more details. -* **Run a script on a host** with the <>. +* **Run a script on a host** with the <>. * **View past response action activity** in the <> log. @@ -52,6 +52,8 @@ These response actions are supported for Microsoft Defender for Endpoint–enrol + Refer to the instructions on <> and <> hosts for more details. +* **Run a script on a host** with the <>. + [discrete] [[sentinelone-response-actions]] == SentinelOne response actions
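Review bot: in the response-actions-config hunk, the new `To run a script on a host` sub-item ends without a period after `Machine.LiveResponse`)`, unlike the two sub-items above it. The same hunk should also say a word about scope: `Library.Manage` plus `Machine.LiveResponse` lets the connector application upload and execute scripts on any enrolled machine, a far broader grant than the read-only `Alert.Read.All` given to the Fleet integration policy. Since the step already tells the reader to create separate applications, suggest stating explicitly that these two permissions belong only on the connector application, and only when the `runscript` action is actually going to be used.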
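Review bot: the first response-actions.asciidoc hunk removes `NOTE: This response action is supported only for <>.` and leaves the bare sentence `Run a script on a host.`, so the section no longer tells the reader which third-party hosts support `runscript` until they scroll into the CrowdStrike and Microsoft Defender for Endpoint subsections. Suggest keeping one sentence under the `=== `runscript`` heading that names both supported host types, for example `Run a script on a host. This action is supported for CrowdStrike- and Microsoft Defender for Endpoint-enrolled hosts.`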
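Review bot: in the second response-actions.asciidoc hunk, the example `runscript --ScriptName="Script2.sh" --Args="-Verbose true"` pairs a shell-script name with a PowerShell-style `-Verbose true` switch copied from the CrowdStrike example; either a `.ps1` script name or a shell-style argument would make the sample coherent. The `NOTE` about double-dash syntax should also state what happens when `--` appears inside `--Args` (rejected by the console, or passed through incorrectly), so a user can recognise the failure rather than assume the script itself misbehaved. Minor: the two consecutive blank `+` lines before `[discrete]` leave a double blank line in the source.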
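Review bot: in the third-party-actions.asciidoc hunks the only visible change to the CrowdStrike bullet is its cross-reference target, which the extraction has elided; confirm it points at the new `[[runscript-crwd]]` anchor added in response-actions.asciidoc, and that the new Microsoft Defender for Endpoint bullet points at `[[runscript-mde]]`, so each list sends readers to the parameters for their own host rather than to the generic `[[runscript]]` heading. Also check ordering: the new Microsoft Defender bullet is appended after the `Refer to the instructions ...` continuation of the preceding item, whereas in the CrowdStrike list the equivalent bullet precedes `View past response action activity`.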