diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
index 9e8de0c..17eccf5 100644
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -615,10 +615,27 @@ try {
             Invoke-SetupComplete
         }
 
-        # Reboot check (boot-loop-safe)
+        # Reboot check (boot-loop-safe). Only prompt once Phase 1 (Identity),
+        # Phase 2 (SFLD config), and Phase 3's first two items (deploy log
+        # present + pre-reboot deployment complete) are all green. Don't rush
+        # the user into rebooting before the enrollment pipeline has finished
+        # its pre-reboot work.
         $rebootState = Test-RebootState
         if ($rebootState -eq 'needed') {
-            Invoke-RebootPrompt
+            $preRebootReady = (
+                $snap.Phase1.AzureAdJoined -and
+                $snap.Phase1.IntuneEnrolled -and
+                $snap.Phase1.EmTaskExists -and
+                $snap.Phase1.PoliciesArriving -and
+                $snap.Phase2.SfldRoot -and
+                $snap.Phase2.FunctionOk -and
+                $snap.Phase2.SasTokenOk -and
+                $snap.Phase3.DeployLogExists -and
+                $snap.Phase3.DeployComplete
+            )
+            if ($preRebootReady) {
+                Invoke-RebootPrompt
+            }
         }
 
         # Re-trigger sync periodically