Add a note about OEM Authorization and Delegated Admin Permissions (DAP)

It is just a clarification for several customers who are afraid about Delegated Admin Permissions (DAP) could be part of the OEM Authorization.
2025-05-14 14:27:22 +00:00 · 2019-12-11 11:57:56 +01:00 · 2019-12-11 11:57:56 +01:00 · 214d87b5d6
commit 214d87b5d6
parent 36bc97a8e2
1 changed files with 4 additions and 1 deletions
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@ -9,7 +9,8 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
@ -75,6 +76,8 @@ Each OEM has a unique link to provide to their respective customers, which the O

 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.

+    NOTE: During the OEM authorization registration process, no delegated admin permissions are granted to the OEM.
+
 ## Summary

 At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer.  And, it all happens instantaneously - as quickly as buttons are clicked.