updates from Rafal

windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md

@@ -462,6 +462,9 @@ From the **BitLocker Drive Encryption** Control Panel applet, select the OS driv
 
 ### Resume BitLocker
 
+> [!NOTE]
+> Resuming protection only works on devices that have accepted the Windows EULA.
+
 #### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
 
 ```powershell

windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md

@@ -21,6 +21,7 @@ The following list provides examples of common events that cause a device to ent
 - Docking or undocking a portable computer
 - Changes to the NTFS partition table on the disk
 - Changes to the boot manager
+- PXE booting, unless BitLocker uses the *Network Unlock* feature
 - Turning off, disabling, deactivating, or clearing the TPM
 - TPM self-test failure
 - Upgrading the motherboard to a new one with a new TPM

windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md

@@ -180,6 +180,9 @@ When a volume is unlocked using a recovery password:
 
 After the volume is unlocked, BitLocker behaves the same way, regardless of how the access was granted.
 
+> [!NOTE]
+> If you move an OS volume with a TPM protector to a different device and unlock it using a recovery protector, BitLocker will bind to the new TPM. Returning the volume to the original device will prompt for the recovery protector due to the TPM mismatch. Once unlocked using recovery protector again, the volume will re-bind to the original device.
+
 If a device experiences multiple recovery password events, an administrator should perform post-recovery analysis to determine the root cause of the recovery. Then, refresh the BitLocker platform validation to prevent entering a recovery password each time that the device starts up.
 
 ### Determine the root cause of the recovery