From 2bfb2522c7d18f4f537ce5daef86db14791690e4 Mon Sep 17 00:00:00 2001 From: cproudlock Date: Wed, 13 May 2026 18:11:36 -0400 Subject: [PATCH] Phase 1 stays "in progress" until Report IP log appears Monitor on-screen Phase 1 row used to show COMPLETE the instant AAD join + Intune enroll + EmTask + baseline policies (>=15 subkeys) all hit. That's misleading: the bay isn't actually registration-clean until GE's Proactive Remediation Report IP script has fired on WiFi-only and dropped C:\Logs\GE_Report_IP_Address*.txt. Without that log, the SFLD ConfigurationProfile assignment filter still sees a leaked 10.9.100.x IP and Phase 2 won't unblock. Add reportIpDone to both the p1Done gate and the Get-PhaseStatus input list so the on-screen Intune Registration row stays IN PROGRESS until the file lands. Matches the dashboard side: idx=7 push is already gated on the same file. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../Shopfloor/lib/Monitor-IntuneProgress.ps1 | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 index 2268e05..bf02278 100644 --- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 +++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 @@ -811,13 +811,21 @@ function Format-Snapshot { # not just "arriving". Stops the category prompt firing pre-first-reboot # when only ~4 subkeys are present (we tested this empirically; clicking # "assign category" at 4 subkeys = imaging stalls + re-image required). + # Report IP log presence is part of Phase 1 completion. Without that log + # we know GE's Proactive-Remediation script hasn't fired on WiFi-only + # yet, which means the SFLD ConfigurationProfile assignment filter still + # sees a leaked 10.9.100.x IP and Phase 2 won't unblock. Don't call + # registration "done" until Report IP has cleared. + $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue | Select-Object -First 1) $p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and - $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady) + $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady -and + $reportIpDone) $p1Status = Get-PhaseStatus @( @{ Ok = $Snap.Phase1.AzureAdJoined; Failed = $false }, @{ Ok = $Snap.Phase1.IntuneEnrolled; Failed = $false }, @{ Ok = $Snap.Phase1.EmTaskExists; Failed = $false }, - @{ Ok = $Snap.Phase1.PoliciesBaselineReady; Failed = $false } + @{ Ok = $Snap.Phase1.PoliciesBaselineReady; Failed = $false }, + @{ Ok = $reportIpDone; Failed = $false } ) # Phase 6 / Lockdown (shared by both flows, rendered last).