From 9cf485ab5eef5d76cead326ff8d54aa16f80af38 Mon Sep 17 00:00:00 2001
From: Preslav <preslav@mondoo.com>
Date: Mon, 3 Jun 2024 09:22:30 +0300
Subject: [PATCH] Add Microsoft.Compute/virtualMachines/runCommand/action as a
 required permission for VM scanning.

Signed-off-by: Preslav <preslav@mondoo.com>
---
 docs/platform/infra/cloud/azure/_include-webapp.mdx            | 3 ++-
 .../infra/cloud/azure/azure-integration-scan-group.mdx         | 3 ++-
 .../infra/cloud/azure/azure-integration-scan-subscription.mdx  | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/platform/infra/cloud/azure/_include-webapp.mdx b/docs/platform/infra/cloud/azure/_include-webapp.mdx
index 77c42a5d0..7577c1406 100644
--- a/docs/platform/infra/cloud/azure/_include-webapp.mdx
+++ b/docs/platform/infra/cloud/azure/_include-webapp.mdx
@@ -46,7 +46,8 @@ Grant web app permissions by creating a custom RBAC role for Mondoo and assignin
         "Microsoft.KeyVault/vaults/*/read",
         "Microsoft.KeyVault/operations/read",
         "Microsoft.Compute/virtualMachines/runCommands/read",
-        "Microsoft.Compute/virtualMachines/runCommands/write"
+        "Microsoft.Compute/virtualMachines/runCommands/write",
+        "Microsoft.Compute/virtualMachines/runCommand/action"
        ],
       "notActions": [],
        "dataActions": [
diff --git a/docs/platform/infra/cloud/azure/azure-integration-scan-group.mdx b/docs/platform/infra/cloud/azure/azure-integration-scan-group.mdx
index 0b4429881..1514bae82 100644
--- a/docs/platform/infra/cloud/azure/azure-integration-scan-group.mdx
+++ b/docs/platform/infra/cloud/azure/azure-integration-scan-group.mdx
@@ -172,7 +172,8 @@ To assign this role across all subscriptions under a management group, follow th
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read",
        "Microsoft.Compute/virtualMachines/runCommands/read",
-       "Microsoft.Compute/virtualMachines/runCommands/write"
+       "Microsoft.Compute/virtualMachines/runCommands/write",
+       "Microsoft.Compute/virtualMachines/runCommand/action"
      ],
      "notActions": [],
      "dataActions": [
diff --git a/docs/platform/infra/cloud/azure/azure-integration-scan-subscription.mdx b/docs/platform/infra/cloud/azure/azure-integration-scan-subscription.mdx
index fd0af4d5b..a1e25d2c7 100644
--- a/docs/platform/infra/cloud/azure/azure-integration-scan-subscription.mdx
+++ b/docs/platform/infra/cloud/azure/azure-integration-scan-subscription.mdx
@@ -190,7 +190,8 @@ Follow these steps, substituting the subscription ID(s) you copied in Step A for
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read",
        "Microsoft.Compute/virtualMachines/runCommands/read",
-       "Microsoft.Compute/virtualMachines/runCommands/write"
+       "Microsoft.Compute/virtualMachines/runCommands/write",
+       "Microsoft.Compute/virtualMachines/runCommand/action"
      ],
      "notActions": [],
      "dataActions": [