@StuartSquibb , for the device reported as "laps is not deployed", can you check the value of the ms-Mcs-AdmPwdExpirationTime attribute? is it older than 60 days ?

www.000webhost.com