Monitor: fire idx=7 immediately on DeviceId capture (beat LAPS reboot)

User constraint: GE-issued LAPS-prompt reboot lands ~1 minute after
Report IP posts its log. Need the QR on the PXE dashboard BEFORE
that reboot or the operator has no way to look up the device for
LAPS retrieval.

Previously idx=7 was gated on Phase 1 essentials (AAD + Intune
enrolled + EmTask + baseline policies >=5). Those flips happen
later than DeviceId capture (dsregcmd shows DeviceId the instant
AAD-join completes during PPKG). Dropping the gate so idx=7
fires the moment the cache has a DeviceId. Phase 1 row on the
on-bay Monitor display still has its own AESFMA-required gate
for operational completeness; only the dashboard push is moved
earlier.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1

@@ -346,10 +346,15 @@ function Get-Phase1 {
             }
         }
     }
-    if ($phase1Essential -and $script:cache.DeviceId -and -not $script:cache.DeviceIdReported) {
+    # idx=7 push fires AS SOON AS DeviceId is captured. We want the QR
+    # to render on the PXE dashboard BEFORE the Intune-driven LAPS-prompt
+    # reboot lands (~1 min after GE Report IP posts its log). Phase 1
+    # essentials, SCEP cert delivery, and AESFMA connection all take
+    # longer than DeviceId capture, so don't gate on any of those.
+    if ($script:cache.DeviceId -and -not $script:cache.DeviceIdReported) {
         if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
             try {
-                Send-PxeStatus -Stage 'Monitor-IntuneProgress: Intune registration complete' `
+                Send-PxeStatus -Stage 'Monitor-IntuneProgress: Intune Device ID captured' `
                                -StageIndex 7 -StageTotal 8 `
                                -IntuneDeviceId $script:cache.DeviceId -ErrorAction Stop
                 $script:cache.DeviceIdReported = $true