diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
index 2268e05..bf02278 100644
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -811,13 +811,21 @@ function Format-Snapshot {
     # not just "arriving". Stops the category prompt firing pre-first-reboot
     # when only ~4 subkeys are present (we tested this empirically; clicking
     # "assign category" at 4 subkeys = imaging stalls + re-image required).
+    # Report IP log presence is part of Phase 1 completion. Without that log
+    # we know GE's Proactive-Remediation script hasn't fired on WiFi-only
+    # yet, which means the SFLD ConfigurationProfile assignment filter still
+    # sees a leaked 10.9.100.x IP and Phase 2 won't unblock. Don't call
+    # registration "done" until Report IP has cleared.
+    $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue | Select-Object -First 1)
     $p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and
-               $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady)
+               $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady -and
+               $reportIpDone)
     $p1Status = Get-PhaseStatus @(
         @{ Ok = $Snap.Phase1.AzureAdJoined;          Failed = $false },
         @{ Ok = $Snap.Phase1.IntuneEnrolled;          Failed = $false },
         @{ Ok = $Snap.Phase1.EmTaskExists;            Failed = $false },
-        @{ Ok = $Snap.Phase1.PoliciesBaselineReady;   Failed = $false }
+        @{ Ok = $Snap.Phase1.PoliciesBaselineReady;   Failed = $false },
+        @{ Ok = $reportIpDone;                        Failed = $false }
     )
 
     # Phase 6 / Lockdown (shared by both flows, rendered last).