diff --git a/.claude/messages/for-howard.md b/.claude/messages/for-howard.md
index 53a14c3..60a8308 100644
--- a/.claude/messages/for-howard.md
+++ b/.claude/messages/for-howard.md
@@ -4,13 +4,6 @@ Check this file at sync. Delete items after you've addressed them.
 
 ---
 
-## From Mike, 2026-04-19 — Cascades IdentityRiskyUser.Read.All consent
+## From Mike, 2026-04-19 — Cascades IdentityRiskyUser.Read.All — RESOLVED
 
-**Go ahead.** Approved to grant admin consent for `IdentityRiskyUser.Read.All` on the Cascades tenant.
-
-Agree with your reasoning — read-only, we already hold far more sensitive scopes, and the workflow gap is real.
-
-Consent URL (sign in as GA on Cascades tenant):
-```
-https://login.microsoftonline.com/207fa277-e9d8-4eb7-ada1-1064d2221498/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418
-```
+App manifest updated with all risky Identity Protection APIs. Admin consent re-run on Cascades tenant (2026-04-19). Should be live — re-test the risky-user check when you get a chance.