Fix Report IP glob (.LOG not .txt) + add device-id copy button

Field bay surfaced two bugs in one diag dump (mdm-diag-F907T5X3 -
6PPSF24):

1. GE Proactive Remediation Report IP actually writes
   GE_Report_IP_Address_2_5.LOG (uppercase .LOG), not the .txt I
   assumed. Globs in two places had .txt filter -> never matched ->
   Phase 1 stuck IN PROGRESS forever even after the file landed and
   wired-NIC re-enable never fired. Drop extension from both globs
   in Monitor-IntuneProgress.ps1 (id=7 push gate + p1Done check).

2. The "GE Re-enable Wired NICs" SYSTEM task registered by
   Run-ShopfloorSetup was polling Autologon_Remediation.log for
   "Autologon set for ShopFloor" - a lockdown-time signal. Re-enable
   needs to fire at Report-IP time (well before lockdown) so that
   Monitor can push idx=7 with the QR before the Intune-triggered
   LAPS-prompt reboot. Repoint the SYSTEM task's poll to
   C:\Logs\GE_Report_IP_Address* (any extension).

Plus minor UX: copy button next to the Intune device ID on
/imaging dashboard so techs can grab the GUID without having to
double-click-select the <code>.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

playbook/shopfloor-setup/Run-ShopfloorSetup.ps1

@@ -310,11 +310,14 @@ if (Test-Path -LiteralPath $monitorScript) {
 $reEnableTask = 'GE Re-enable Wired NICs'
 try {
     $script = @'
-$imeLogs = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'
-$remLog  = Join-Path $imeLogs 'Autologon_Remediation.log'
-if (-not (Test-Path $remLog)) { exit 0 }
-$content = Get-Content $remLog -Raw -ErrorAction SilentlyContinue
-if ($content -notmatch 'Autologon set for ShopFloor') { exit 0 }
+# Poll for the GE Report-IP Proactive Remediation log file. Its appearance
+# means the Report IP script has fired with WiFi-only IPs (because we
+# disabled wired post-PPKG) - which is the exact moment we want to bring
+# wired back up so Monitor-IntuneProgress can push idx=7 with the
+# DeviceId / QR code before the Intune-triggered LAPS-prompt reboot lands.
+# Extension is .LOG (not .txt) observed in field; match any extension.
+$ip = Get-ChildItem 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue | Select-Object -First 1
+if (-not $ip) { exit 0 }
 
 # Vendor-agnostic wired-NIC re-enable. NetAdapter "Name" varies wildly
 # ("Ethernet", "Ethernet 2", "Network", per-vendor names like "Realtek

playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1

@@ -229,7 +229,7 @@ function Get-Phase1 {
     #
     # 1. Re-enable wired NICs as soon as the log lands + state file exists.
     # 2. Push idx=7 once DeviceId is captured AND the log exists.
-    $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue |
+    $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue |
                    Select-Object -First 1
     $nicListFile = 'C:\Enrollment\disabled-wired-nics.txt'
     if ($reportIpLog -and (Test-Path $nicListFile)) {
@@ -810,7 +810,7 @@ function Format-Snapshot {
     # yet, which means the SFLD ConfigurationProfile assignment filter still
     # sees a leaked 10.9.100.x IP and Phase 2 won't unblock. Don't call
     # registration "done" until Report IP has cleared.
-    $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue | Select-Object -First 1)
+    $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue | Select-Object -First 1)
     $p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and
                $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady -and
                $reportIpDone)