From 35d3a392420a4ced196b5f7c6c0d5ca18bbcbd32 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Wed, 20 May 2026 14:41:54 -0700 Subject: [PATCH] =?UTF-8?q?client/cascades:=20britney.thompson=20M365=20of?= =?UTF-8?q?fboarding=20complete=20=E2=80=94=20sign-in=20blocked,=20license?= =?UTF-8?q?=20removed,=20litigation=20hold?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- clients/cascades-tucson/docs/servers/active-directory.md | 4 ++-- ...026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/clients/cascades-tucson/docs/servers/active-directory.md b/clients/cascades-tucson/docs/servers/active-directory.md index 4614bd2..a4fe967 100644 --- a/clients/cascades-tucson/docs/servers/active-directory.md +++ b/clients/cascades-tucson/docs/servers/active-directory.md @@ -364,13 +364,13 @@ GPOs exist but effectiveness is limited since most PCs are not domain-joined. Al | Issue | Account | Action Needed | |-------|---------|---------------| -| ~~Still enabled — departed~~ | ~~britney.thompson~~ | **DONE 2026-05-20** — disabled. M365 license still to harvest. | +| ~~Still enabled — departed~~ | ~~britney.thompson~~ | **DONE 2026-05-20** — AD disabled. M365: sign-in blocked, license removed, litigation hold applied. | | ~~Still enabled — flagged for disable~~ | ~~Richard.Adams, Julian.Crim, Christopher.Holick~~ | **DONE 2026-05-20** — all disabled. | | ~~Old-format account — superseded~~ | ~~Shontiel.Nunn~~ | **DONE 2026-05-20** — disabled. s.nunn (Caregivers) is the active account. | | Cloud-only M365 account — RESOLVED | Alma.Montt | Intentional and correct — no AD sync conflict. | | krbtgt password age | krbtgt | 569+ days old as of 2026-03-20. Needs rotation. Deferred. | | Meredith.Kuhn + John.Trozzi in Domain Admins | Both | Non-IT staff — remove from Domain Admins. Deferred. | -| britney.thompson M365 license | britney.thompson | Account disabled. License not yet harvested — do before next billing cycle. | +| ~~britney.thompson M365 offboarding~~ | ~~britney.thompson~~ | **DONE 2026-05-20** — sign-in blocked, license removed, litigation hold applied via sysadmin@. | ## Login Activity (audit 2026-03-20 — historical/stale) diff --git a/clients/cascades-tucson/session-logs/2026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md b/clients/cascades-tucson/session-logs/2026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md index 74f3eea..f4637be 100644 --- a/clients/cascades-tucson/session-logs/2026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md +++ b/clients/cascades-tucson/session-logs/2026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md @@ -186,7 +186,7 @@ After first successful join — link GPOs per phase3-domain-join.md step 5c. | Item | Priority | Notes | |------|----------|-------| -| britney.thompson M365 license harvest | Medium | Account disabled; license still active | +| ~~britney.thompson M365 offboarding~~ | ~~Done~~ | Sign-in blocked, license removed, litigation hold applied (sysadmin@ via admin center 2026-05-20) | | Phase 3 domain joins | High | Block on MDIRECTOR-PC needing Win10 Pro upgrade | | krbtgt password rotation | Medium | 569+ days old — deferred | | Remove Meredith.Kuhn + John.Trozzi from Domain Admins | Low | Deferred |