Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into plandefinereadinesscriteria

windows/deployment/windows-autopilot/TOC.md

@@ -22,6 +22,7 @@
 ## [DFCI management](dfci-management.md)
 ## [Windows Autopilot update](autopilot-update.md)
 ## [Troubleshooting](troubleshooting.md)
+## [Policy conflicts](policy-conflicts.md)
 ## [Known issues](known-issues.md)
 
 # Support

windows/deployment/windows-autopilot/bitlocker.md

@@ -39,7 +39,7 @@ An example of Microsoft Intune Windows Encryption settings is shown below.
 
    ![BitLocker encryption settings](images/bitlocker-encryption.png)
 
-Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
+Note that a device which is encrypted automatically will need to be decrypted prior to changing the encryption algorithm.
 
 The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
 

windows/deployment/windows-autopilot/policy-conflicts.md

@@ -0,0 +1,37 @@
+---
+title: Windows Autopilot policy conflicts
+ms.reviewer: 
+manager: laurawi
+description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: mtniehaus
+ms.author: mniehaus
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot - Policy Conflicts
+
+**Applies to**
+
+- Windows 10
+
+There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+
+<table>
+<th>Policy<th>More information
+
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+</table>
+
+## Related topics
+
+[Troubleshooting Windows Autopilot](troubleshooting.md)

windows/deployment/windows-autopilot/registration-auth.md

@@ -80,6 +80,10 @@ Each OEM has a unique link to provide to their respective customers, which the O
     ![Not global admin](images/csp7.png)
 3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done.  Authorization happens instantaneously.
 
+    > [!NOTE]
+    > Once this process has completed, it is not currently possible for an administrator to remove an OEM. To remove an OEM or revoke
+      their permissions, send a request to msoemops@microsoft.com
+
 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
 
     > [!NOTE]

windows/deployment/windows-autopilot/white-glove.md

@@ -109,7 +109,7 @@ If the pre-provisioning process completed successfully and the device was reseal
 
 - Power on the device.
 - Select the appropriate language, locale, and keyboard layout.
-- Connect to a network (if using Wi-Fi).  If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required.
+- Connect to a network (if using Wi-Fi).  Internet access is always required.  If using Hybrid Azure AD Join, there must also be connectivity to a domain controller.
 - On the branded sign-on screen, enter the user’s Azure Active Directory credentials.
 - If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials.
 - Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP).  Once complete, the user will be able to access the desktop.

windows/deployment/windows-autopilot/windows-autopilot-requirements.md

@@ -94,7 +94,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
 Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
 
 To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
-- [Microsoft 365 Business subscriptions](https://www.microsoft.com/microsoft-365/business)
+- [Microsoft 365 Business Premium subscriptions](https://www.microsoft.com/microsoft-365/business)
 - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/microsoft-365/enterprise/firstline)
 - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx)
 - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).