Retry in progress
You have 1 previous attempt for this scenario. Submitting again will create a new attempt and show a comparison against your most recent response.
Device LossDifficulty · easyHigh asset
Hi SOC,
I'm at the New York hotel and just realised I left my work laptop in the taxi from JFK last night. The driver is not answering callbacks. The bag also had a sticky note inside the flap with my pre-VPN PIN (I know, I'm sorry).
The laptop is the silver Dell I was issued last year — hostname is DPARK-LT01. I think it was logged in and I just closed the lid (sleep). I had Outlook, Salesforce, and our internal wiki open recently.
Please advise on what I should do. I've already filed a report with the taxi company.
— David, Enterprise Sales
Evidence
Endpoint inventory + MDM record (DPARK-LT01)
# Asset record (Intune / corp inventory)
Hostname: DPARK-LT01
Model: Dell Latitude 7440 (corp-issued 2024-09)
User: david.park@acme-corp.com (Sales)
OS: Windows 11 Pro 24H2
BitLocker: ENABLED at provisioning (key escrowed in Intune)
Compliance: non-compliant (MDM heartbeat 6 days ago)
Autopilot tag: SALES-LAPTOP
# Last sign-in / session activity
2026-04-18 22:14 UTC Outlook desktop sync (last)
2026-04-18 22:09 UTC Salesforce SSO refresh (last)
2026-04-18 21:58 UTC Wiki SSO sign-in (last)
2026-04-19 --:-- UTC No activity since 22:14 UTC
# Access scope on this account
- Salesforce: read/write on ~140 enterprise accounts
- M365 mailbox + OneDrive (cached locally)
- Corporate VPN cert (machine + user) installed
- No admin / privileged role
Affected asset
- Name
- DPARK-LT01 / david.park@acme-corp.com
- Type
- Corporate Windows laptop (Sales user) + cached M365 / Salesforce session
- Owner
- Enterprise Sales · David Park
- Level
- High