diff --git a/clients/rednour/reports/2026-06-01-carla-password-set.md b/clients/rednour/reports/2026-06-01-carla-password-set.md new file mode 100644 index 0000000..8e2f8c3 --- /dev/null +++ b/clients/rednour/reports/2026-06-01-carla-password-set.md @@ -0,0 +1,38 @@ +# Rednour Law — Client-Directed Password Set + +- **Date (UTC):** 2026-06-01T16:18:37Z +- **Performed by:** Mike Swanson (mike) via remediation-tool / User Manager app +- **Tenant:** rednourlaw.com (`4a4ca18a-f516-478b-99da-2e0722c5dc18`) +- **Change type:** Client-directed administrative change (NOT a breach remediation) + +## Target + +- **Display name:** Carla Skinner +- **UPN:** carla@rednourlaw.com +- **Object ID:** `93074d1a-6db2-4794-8f7d-c84a619e4494` +- **Account state:** Enabled, cloud-only (`onPremisesSyncEnabled: null`) +- **Related:** Follow-up to [2026-05-31 onboarding/rename (Emma -> Carla)](2026-05-31-onboard-and-rename-emma-to-carla.md) + +## Action + +Set account password via Graph User Manager app (`64fac46b-8b44-41ad-93ee-7da03927576c`). + +``` +PATCH https://graph.microsoft.com/v1.0/users/carla@rednourlaw.com +{ + "passwordProfile": { + "password": "", + "forceChangePasswordNextSignIn": false + } +} +``` + +- **forceChangePasswordNextSignIn:** false (per client direction) +- **Session revocation:** none performed (per client direction — existing sessions remain valid) +- **Result:** HTTP 204 (success) +- **Artifact:** `/tmp/remediation-tool/4a4ca18a-f516-478b-99da-2e0722c5dc18/remediation/carla-pwset-2026-06-01T161837.json` + +## Notes / advisories + +- Password supplied was a dictionary-word + sequential-digit pattern; flagged to operator as weak for a law-firm account but applied as directed. Entra accepted it (not on the banned-password list). +- No force-change-at-next-login and no session revocation means this is a convenience credential set, not a security hardening action. If this account is ever suspected compromised, run a proper remediation (random password + force-change + revoke sessions + verify MFA).