I listed a few issues in a previous blog, which are also reflected in the Autopilot documentation, but there are more issues addressed in later cumulative updates as well.  Here’s a full list:

Issues addressed in KB4505903 (7D update released in late July):

• Windows Autopilot white glove does not work for non-English OSes.  (If you’ve seen a red screen from Windows Autopilot that says “Success” and you were using a non-English OS, you now know why.)
• Windows Autopilot reports an AUTOPILOTUPDATE error during OOBE after sysprep, reset or other variations.  (This typically would happen if you reset the OS or used a custom sysprepped image.)
• BitLocker encryption is not correctly configured via Windows Autopilot scenarios.  (BitLocker didn’t get an expected notification after policies were applied to begin encryption.)
• Unable to install UWP apps from the Microsoft Store (online apps), causing failures during Windows Autopilot.  (If you are deploying Company Portal as a blocking app during Windows Autopilot ESP, you’ve probably seen this one.)
• User is not granted administrator rights after Windows Autopilot user-driven Hybrid Azure AD join scenario.  (Another non-English issue.)

Issues addressed in KB4512941 (8D update released in late August):

• Windows Autopilot for existing devices feature does not properly suppress “Activities” page during OOBE.  (Because of this, you’ll see that extra page during OOBE.)
• TPM attestation state is not cleared by sysprep /generalize, causing TPM attestation failure during later OOBE flow.  (This isn’t a particularly common issue, but you could run into it while testing if you are running sysprep /generalize and then rebooting or reimaging the device to go back through an Autopilot white glove or self-deploying scenario.)
• TPM attestation may fail if the device has a valid AIK cert but no EK cert.  (This is related to the previous item.)
• If TPM attestation fails during the Windows Autopilot white glove process, the landing page appears to be hung.  (Basically, the white glove landing page, where you click “Provision” to start the white glove process, isn’t reporting errors properly.)
• TPM attestation fails on newer Infineon TPMs (firmware version > 7.69).  (Prior to this fix, only a specific list of firmware versions was accepted.)
• Device naming templates may truncate the computer name at 14 characters instead of 15.
• Assigned Access policies cause a reboot which can interfere with the configuration of single-app kiosk devices.

Issues addressed in KB4517211 (9D update due to be released in late September):

• TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate.  (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them don’t, so that validation will be removed.)