diff --git a/wiki/clients/kittle.md b/wiki/clients/kittle.md
index 8a26736..19982aa 100644
--- a/wiki/clients/kittle.md
+++ b/wiki/clients/kittle.md
@@ -374,6 +374,10 @@ Kittle confirmed it has no relationship with Foam Factory Incorporated.
 | Entra P2 added (all users) | 2026-06-09 | [OK] — Identity Protection now available |
 | FBI IC3 complaint filed (aa2ef50482ca4c05a54ae0f6cb56ffa0) | 2026-06-09 | [OK] |
 | Syncro tickets updated; billing applied | 2026-06-08/09 | [OK] |
+| accounting@ (Darline) MFA reset: removed MS Authenticator (SM-F731U1), added phone (520) 763-3091 as SMS default | 2026-06-10 | [OK] — via User Manager app; mirrors the admin@ reset. Personal (310) number was supplied first then corrected to the work number before completion. |
+| FIDO2/passkeys ENABLED tenant-wide (Authentication Methods policy `fido2` state -> enabled) | 2026-06-10 | [OK] — phishing-resistant method now available to all users (targets `all_users`, self-service reg on, no attestation/key restrictions, deviceBound+synced). Triggered by Darline hitting "passkey not enabled for the organization" during re-enrollment. Tenant still `policyMigrationState: migrationInProgress` — SMS/voice/Authenticator remain governed by legacy MFA settings. |
+| Auth Methods policy migration — Step 1 of 3: enabled `microsoftAuthenticator`, `sms`, `voice`, `softwareOath` in the converged policy (all `all_users`, additive) | 2026-06-10 | [OK] — replicates legacy MFA method set into the new policy ahead of migration; `policyMigrationState` deliberately LEFT at `migrationInProgress` (legacy still backing). NEXT: verification window (watch sign-in MFA failures), then Step 3 = PATCH `policyMigrationState: migrationComplete` only on explicit go. Tenant overdue (Microsoft retired legacy MFA mgmt Sept 2025; auto-complete risk). |
+| joshua@ (Josh Sutherland) + Brandon@ (Brandon Blazer) MFA reset to phone-only: added SMS (Josh +1 520-664-4785, Brandon +1 520-304-8247) as default, removed Authenticator (Josh iPad Pro, Brandon SM-F741U) | 2026-06-10 | [OK] — same pattern as admin@/accounting@. Cell numbers from client-supplied roster (KittlePhones.jpg). Bulk SMS-availability for the rest of the tenant was scoped OUT at Mike's direction (only Josh/Brandon needed now); accounting@ left as-is (work # +1 520-763-3091, re-registered Authenticator SM-S731U left in place). |
 
 ### Incident Evidence (preserved by ACG)