diff --git a/clients/cascades-tucson/session-logs/2026-05-28-session.md b/clients/cascades-tucson/session-logs/2026-05-28-session.md
new file mode 100644
index 0000000..1640c9d
--- /dev/null
+++ b/clients/cascades-tucson/session-logs/2026-05-28-session.md
@@ -0,0 +1,59 @@
+## User
+- **User:** Mike Swanson (mike)
+- **Machine:** GURU-BEAST-ROG
+- **Role:** admin
+
+## Session Summary
+
+Mike requested that Howard Enos's cell phone be added as an MFA option on `sysadmin@cascadestucson.com` in the Cascades Tucson M365 tenant. The session was conducted entirely via the ClaudeTools Discord bot.
+
+Vault credentials were pulled for the Cascades Tucson M365 admin account and the ComputerGuru User Manager app (`msp-tools/computerguru-user-manager.sops.yaml`). An access token was obtained via client credentials flow against the Cascades Tucson tenant (ID: `207fa277-e9d8-4eb7-ada1-1064d2221498`).
+
+Before adding the new number, a check of existing phone authentication methods revealed a `mobile` type already registered: +1 520-289-1912. Since the Graph API enforces one entry per `phoneType`, Howard's number (+1 520-331-5551) was added as `alternateMobile`. Both phone types are valid for MFA SMS/call challenges in Entra ID.
+
+The Graph API POST succeeded and returned a new method ID confirming the addition. No Syncro ticket was created per Mike's preference.
+
+## Key Decisions
+
+- Added as `alternateMobile` rather than replacing the existing `mobile` (+1 520-289-1912) — preserving the existing number and adding Howard's as a second MFA-capable method.
+- Used the ComputerGuru User Manager app (multi-tenant, `UserAuthenticationMethod.ReadWrite.All`) rather than the GA admin account directly — consistent with MSP tooling patterns.
+
+## Configuration Changes
+
+- None to ClaudeTools repo files.
+- M365 change: `alternateMobile` phone method added to `sysadmin@cascadestucson.com`.
+
+## Credentials & Secrets
+
+- Vault path accessed: `clients/cascades-tucson/m365-admin.sops.yaml`
+- Vault path accessed: `msp-tools/computerguru-user-manager.sops.yaml`
+
+## Infrastructure & Servers
+
+- Tenant: `cascadestucson.com` (ID: `207fa277-e9d8-4eb7-ada1-1064d2221498`)
+- Target user: `sysadmin@cascadestucson.com`
+- App used: ComputerGuru User Manager (`client_id: 64fac46b-8b44-41ad-93ee-7da03927576c`)
+
+## Commands & Outputs
+
+```
+POST /v1.0/users/sysadmin@cascadestucson.com/authentication/phoneMethods
+Body: {"phoneNumber": "+15203315551", "phoneType": "alternateMobile"}
+
+Response: SUCCESS — alternateMobile +1 5203315551 added (id: b6332ec1-7057-4abe-9331-3d72feddfe41)
+```
+
+Existing method (unchanged):
+```
+mobile: +1 5202891912 (id: 3179e48a-750b-4051-897c-87b9720928f7)
+```
+
+## Pending / Incomplete Tasks
+
+- None.
+
+## Reference Information
+
+- Graph API: `GET|POST /v1.0/users/{upn}/authentication/phoneMethods`
+- New method ID: `b6332ec1-7057-4abe-9331-3d72feddfe41`
+- Howard's cell: +1 520-331-5551
diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm
index 7f81588..7168cab 160000
--- a/projects/msp-tools/guru-rmm
+++ b/projects/msp-tools/guru-rmm
@@ -1 +1 @@
-Subproject commit 7f81588451c2f552379ca5845879334d7ae70123
+Subproject commit 7168cabcba49c38b281f63879ef5e62b432c6ba1