From 6275289d761599066e1cc39e5707b8c4485ae5a6 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Fri, 7 Mar 2025 10:48:17 -0500 Subject: [PATCH] Windows MDM setup: updates (#26922) - Updates based on this retired doc: https://docs.google.com/document/d/1hpvREXZFLsLdOp-_vS4pISJ1sLb6BzEWdbRBCR6xj0k/edit?tab=t.0 --- articles/windows-mdm-setup.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/articles/windows-mdm-setup.md b/articles/windows-mdm-setup.md index bd137c30aa1e..84ccfe75315e 100644 --- a/articles/windows-mdm-setup.md +++ b/articles/windows-mdm-setup.md @@ -8,7 +8,7 @@ To use automatic enrollment (aka zero-touch) features on Windows, follow instruc To migrate Windows hosts from your current MDM solution to Fleet, follow the instructions [here](#automatic-windows-mdm-migration). -## Manual enrollment +## Turn on Windows MDM ### Step 1: Generate your certificate and key @@ -22,7 +22,6 @@ How to generate a certificate and key: > Note: The default `openssl` binary installed on macOS is actually `LibreSSL`, which doesn't support the `--traditional` flag. To successfully generate these files, make sure you're using `OpenSSL` and not `LibreSSL`. You can check what your `openssl` command points to by running `openssl version`. - ### Step 2: Configure Fleet with your certificate and key In your Fleet server configuration, set the contents of the certificate and key in the following environment variables: @@ -42,7 +41,7 @@ Restart the Fleet server. 3. Select **Turn on**. -### Step 4: Test manual enrollment +## Manual enrollment With Windows MDM turned on, enroll a Windows host to Fleet by installing [Fleet's agent (fleetd)](https://fleetdm.com/docs/using-fleet/enroll-hosts). 
@@ -56,9 +55,7 @@ To automatically enroll Windows workstations when they’re first unboxed and se After you connect Fleet to Microsoft Entra ID, you can customize the Windows setup experience with [Windows Autopilot](https://learn.microsoft.com/en-us/autopilot/windows-autopilot). -In order to connect Fleet to Microsoft Entra ID, the IT admin (you) needs a Microsoft Enterprise Mobility + Security E3 license. - -Each end user who automatically enrolls needs a [Microsoft license](https://learn.microsoft.com/en-us/mem/intune/fundamentals/licenses.) +In order to connect Fleet to Microsoft Entra ID, the IT admin (you) needs a Microsoft Enterprise Mobility + Security E3 license. Each end user who automatically enrolls needs at least a [Microsoft Entra P1 license](https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing). If they already have an [E3 or E5 license](https://www.microsoft.com/en-us/microsoft-365/enterprise/microsoft365-plans-and-pricing) then you're good to go. ### Step 1: Buy Microsoft licenses
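Review bot: Reusing the heading `## Manual enrollment` in the `@@ -42,7 +41,7 @@` hunk silently retargets the `#manual-enrollment` anchor. Before this change it landed on the section that starts with the certificate and key steps (now `## Turn on Windows MDM`); after it, the same anchor lands on the fleetd install paragraph, and the anchor for `### Step 4: Test manual enrollment` no longer exists. This article already relies on heading anchors (`#automatic-windows-mdm-migration`), so please search for inbound links to both anchors and update them in this PR, pointing anything that meant the setup steps at `#turn-on-windows-mdm`.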
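Review bot: In the `@@ -56,9 +55,7 @@` hunk, "E3 or E5 license" in the added sentence is ambiguous. The sentence before it names Microsoft Enterprise Mobility + Security E3 for the admin, while the link on "E3 or E5 license" goes to the Microsoft 365 plans and pricing page, so a reader cannot tell which product family satisfies the end-user requirement. Name the family in the link text, matching whichever the link is meant to cover. The hunk also merges the admin requirement and the end-user requirement into one paragraph; keeping them as two paragraphs, as in the removed lines, makes it easier to see who needs which license.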