Hi @RonaldBe21, the blog you're mentioning is @Rudy_Ooms_MVP blog. We've been in contact about this strange behavior and in one of my earlier replies I gave an update on the Windows 11 device that did not give the reseal option:

The device that could not reseal: 

I ended up with removing every policy assignment I had except for the update rings targeting users and still no reseal option. Then I deleted the following registry key:

HKLM:\SOFTWARE\Microsoft\Provisioning\SyncML\RebootRequiredURIs\ManagePreviewBuild

started pre-provisioning again, and yes! A nice reseal button!

I didn't have this issue (not resealing) with Windows 10. Later on, I tested with a couple of default policy sets like security baselines, Bitlocker, firewall, MDE, etc. All targeting device groups. I deploy update rings to user groups. But even then, the behavior was the same. No issues with Windows 10 pre-provisioning, while Windows 11 won't give the option to reseal. I'm testing a bit more, and will then contact support with all info I have. But deleting the above reg key, helped.

I'm seeing stranger thing too, In some cases, the device would reboot and not give the reseal option, then end up at the logon screen the first boot. But strange enough, after a second boot, the  user flow seems to start, like I did reseal the device. And again, all on Windows 11.

@Oktay Sari 

We are experiencing the same issue as described above.
The configuration that is giving errors is as following:

Windows 11 (build: 10.0.22000.795)
Autopilot pre-provisioning

When we apply the security baseline, we are getting the exact same reboot issue. Device is Intune manged and AAD joined after the reboot, only it is just showing the local login screen. A second reboot after the device gets the unexpected reboot never works.

In the IME log first we see the reboot trigger caused bij the CloudExperienceHostBroker.exe:

[datasensor] skipping boot event before first enrollment, bootid = 3-8-2022 08:44:00, CoreBootTimeInMilliseconds = 9290, GPTimeInMilliseconds = 0, TotalBootTimeInMilliseconds = 9290, UpdateTimeInMilliseconds = 0, EventDataXml = <BootReason><EventData xmlns="http://schemas.microsoft.com/win/2004/08/events/event" SystemPowerOffTime="2022-08-03T08:43:42.3470465Z">
  <Data Name="param1">C:\Windows\System32\CloudExperienceHostBroker.exe (PP5CD20337HS)</Data>
  <Data Name="param2">PP5CD20337HS</Data>
  <Data Name="param3">Besturingssysteem: nieuwe configuratie (niet gepland)</Data>
  <Data Name="param4">0x20004</Data>
  <Data Name="param5">opnieuw opstarten</Data>
  <Data Name="param6"></Data>
  <Data Name="param7">NT AUTHORITY\SYSTEM</Data>
</EventData>
<CustomData>
  <FullPath>C:\Windows\System32\CloudExperienceHostBroker.exe</FullPath>
</CustomData></BootReason>, BootReason = 1074, BootDiskMediaType = 4

In the shell-core-operational eventlog I subfrequently seeing the reboot required from DeviceSetup.RebootCoalescing.

CloudExperienceHost Web App Event 2. Name: ‘CommercialOOBE_BootstrapStatusCategory_RebootCoalescing_Initiated’, Value: ‘{"message":"BootstrapStatus: Non-parallelizable batch of 1 subcategories requires a reboot.","errorCode":0}’.

And last but not least in the DeviceManagement-Enterprise-Diagnostics eventlog we are seeing the DmaGuard URI is the cause of the reboot that has been triggered.

The following URI has triggered a reboot: (./Device/Vendor/MSFT/Policy/Config/DmaGuard/DeviceEnumerationPolicy).

Also, the deletion of the HKLM:\SOFTWARE\Microsoft\Provisioning\SyncML\RebootRequiredURIs\ManagePreviewBuild regkey doesn't always work (sometimes is does).

Next thing I''m going to try if it all works with the Windows 11 Insider preview build, just like @Rudy_Ooms_MVP is mentioning in his blog.

Anyone knows if there is already any news from Microsoft about this particular problem?

The cause of this issue is not very clear te me. At one customer I had this issue and changed all the assignments (including security baselines and update ring policy) from "all devices" to a device group instead. But this didn't work when I tested at another customer. 

One test I did there is to remove all the configuration profiles en security baselines, including the update ring policy. So nothing was applied to the device but still I did not get the reseal button. 

On other forums I also see that people are having different results. Maybe this could be when testing with different update levels of Windows, I am not sure.

So the only thing I can be sure of is that Microsoft told me it is a know bug and they are working on it. I can not get with 100% certainty a configuration which will always work. Microsoft also told me that they cannot provide me with a workarround, because they just don't have one. 

They also told me that removing the mentioned register key(s) also do not work (always) as expected so that is also not a good workarround.

I guess we can only wait to make sure that the issue is resolved by Microsoft. I will not advice to use Pre-Provisioning with Windows 11 for now, because I cannot find a working (workarround) solution which I am sure it will keep working and not have to worry that it stops working with different conditions.

I also tested with a colleague and we did have just good results with the latest insider build of Windows 11. Not something to use in a production environment for our customers, but at least we have good fate that Microsoft will be able to help us soon.

As mentioned before, as soon as I get a confirmed ETA for the fix from Microsoft, I will let you all know.