Update known-issues.md

Author: ArvindHarinder1

articles/active-directory/app-provisioning/known-issues.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 07/07/2021
+ms.date: 11/18/2021
 ms.reviewer: arvinh
 ---
 
@@ -116,8 +116,8 @@ The following attributes and objects aren't supported:
    - Reference attributes (for example, manager).
    - Groups.
    - Complex anchors (for example, ObjectTypeName+UserName).
-   - On-premises applications are sometimes not federated with Azure AD and require local passwords. The on-premises provisioning preview *doesn't support provisioning one-time passwords or synchronizing passwords* between Azure AD and third-party applications.
-   - The **export_password** virtual attribute, **SetPassword**, and **ChangePassword** operations aren't supported.
+   - Binary attributes.
+   - On-premises applications are sometimes not federated with Azure AD and require local passwords. The on-premises provisioning preview does not support password synchronization. Provisioning one-time passwords is supported. Please ensure that you are using the [Redact](https://docs.microsoft.com/azure/active-directory/app-provisioning/functions-for-customizing-application-data#redact) function to redact the passwords from the logs. The passwords are not exported on the initial call to the application, but rather a second call with set password.   
 
 #### SSL certificates
    The Azure AD ECMA Connector Host currently requires either an SSL certificate to be trusted by Azure or the provisioning agent to be used. The certificate subject must match the host name the Azure AD ECMA Connector Host is installed on.
@@ -128,5 +128,9 @@ The following attributes and objects aren't supported:
 #### Attribute discovery and mapping
    The attributes that the target application supports are discovered and surfaced in the Azure portal in **Attribute Mappings**. Newly added attributes will continue to be discovered. If an attribute type has changed, for example, string to Boolean, and the attribute is part of the mappings, the type won't change automatically in the Azure portal. Customers will need to go into advanced settings in mappings and manually update the attribute type.
 
+#### Provisioning agent
+- The agent does not currently support auto update for the on-prem application provisioning scenario. We are actively working to close this gap and ensure that auto update is enabled by default and required for all customers. 
+- The same provisioning agent cannot be used for on-prem app provisioning and cloud sync / HR- driven provisioning. 
+
 ## Next steps
 [How provisioning works](how-provisioning-works.md)