Hi, after various tests and packet captures, we have found that we need to add the ephemeral port range and restrict it to the recommended Autopilot FQDNs. And it's now working! A classic case of Microsoft documentation not listing everything needed. Investigating the non-Meraki firewalls, it would appear that they were doing something under their "stateful" badge and allowing these ports even though they were not directly listed in the rule set. Thanks for your help.