From 2d75935dfc41db4b5a3115010ab6b6866929dc8c Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Thu, 14 May 2026 19:13:26 -0400
Subject: [PATCH] PostPpkg settle 60s -> 120s

Empirical: a fresh-imaged bay often hasn't finished AAD-join + first
Intune sync by 60s, so the post-PPKG-reboot Monitor instance starts
without DeviceId visible to dsregcmd yet. Doubling the settle to 120s
gives MDM more time to land baseline policies before the reboot,
which means the post-reboot Monitor sees AAD-joined + DeviceId on
first tick and fires idx=7 immediately.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 playbook/shopfloor-setup/Run-ShopfloorSetup.ps1               | 2 +-
 .../shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
index 5a5c5da..c8df766 100644
--- a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
+++ b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
@@ -421,7 +421,7 @@ if (Test-Path -LiteralPath $enrollScript) {
     Write-Host "=== Running enrollment (PPKG install) ==="
     Write-Host "NOTE: PPKG schedules a near-immediate reboot. We will cancel"
     Write-Host "      it and hand off to Monitor-IntuneProgress -PostPpkg, which"
-    Write-Host "      runs a 60s settle (giving MDM time to push baseline"
+    Write-Host "      runs a 120s settle (giving MDM time to push baseline"
     Write-Host "      policy) and then performs a clean reboot."
     try { Stop-Transcript | Out-Null } catch {}
     & $enrollScript
diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
index b35b65e..0665b13 100644
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -80,11 +80,11 @@ param(
     # The persistent @logon sync_intune task takes over after reboot.
     [switch]$PostPpkg,
     # -PostPpkgSettleSec: how long to wait before the clean reboot when
-    # in -PostPpkg mode. 60s empirically gives MDM enough time to push
+    # in -PostPpkg mode. 120s empirically gives MDM enough time to push
     # the baseline policy (4 -> ~30 PolicyManager subkeys) so when techs
     # see sync_intune resume after reboot, the readiness signals are
     # already meaningful instead of "policy still pulling".
-    [int]$PostPpkgSettleSec = 60
+    [int]$PostPpkgSettleSec = 120
 )
 
 # ============================================================================