Remediation report: client-directed password set for carla@rednourlaw.com

clients/rednour/reports/2026-06-01-carla-password-set.md

@@ -0,0 +1,38 @@
+# Rednour Law — Client-Directed Password Set
+
+- **Date (UTC):** 2026-06-01T16:18:37Z
+- **Performed by:** Mike Swanson (mike) via remediation-tool / User Manager app
+- **Tenant:** rednourlaw.com (`4a4ca18a-f516-478b-99da-2e0722c5dc18`)
+- **Change type:** Client-directed administrative change (NOT a breach remediation)
+
+## Target
+
+- **Display name:** Carla Skinner
+- **UPN:** carla@rednourlaw.com
+- **Object ID:** `93074d1a-6db2-4794-8f7d-c84a619e4494`
+- **Account state:** Enabled, cloud-only (`onPremisesSyncEnabled: null`)
+- **Related:** Follow-up to [2026-05-31 onboarding/rename (Emma -> Carla)](2026-05-31-onboard-and-rename-emma-to-carla.md)
+
+## Action
+
+Set account password via Graph User Manager app (`64fac46b-8b44-41ad-93ee-7da03927576c`).
+
+```
+PATCH https://graph.microsoft.com/v1.0/users/carla@rednourlaw.com
+{
+  "passwordProfile": {
+    "password": "<redacted>",
+    "forceChangePasswordNextSignIn": false
+  }
+}
+```
+
+- **forceChangePasswordNextSignIn:** false (per client direction)
+- **Session revocation:** none performed (per client direction — existing sessions remain valid)
+- **Result:** HTTP 204 (success)
+- **Artifact:** `/tmp/remediation-tool/4a4ca18a-f516-478b-99da-2e0722c5dc18/remediation/carla-pwset-2026-06-01T161837.json`
+
+## Notes / advisories
+
+- Password supplied was a dictionary-word + sequential-digit pattern; flagged to operator as weak for a law-firm account but applied as directed. Entra accepted it (not on the banned-password list).
+- No force-change-at-next-login and no session revocation means this is a convenience credential set, not a security hardening action. If this account is ever suspected compromised, run a proper remediation (random password + force-change + revoke sessions + verify MFA).