import: ingested 160 files from C:\Users\howar\Clients

Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

clients/dataforth/docs/cloud/azure.md

@@ -0,0 +1,14 @@
+# Azure / Cloud Services
+
+## Azure
+No Azure IaaS services identified. Entra ID is used for M365 sync only.
+
+## Other Cloud/Web Services
+| Service | Purpose | Notes |
+|---------|---------|-------|
+| dataforth.com | Company website + test datasheet portal | Upload endpoints currently return 404 |
+| legacy.dataforth.com | Legacy test data reports | /TestDataReport_Print.aspx still works, no auth required |
+
+## Notes
+- Website upload mechanism is broken post-crypto attack — old ASP.NET endpoints return 404
+- Legacy datasheet viewer still functional but unauthenticated

clients/dataforth/docs/cloud/m365.md

@@ -0,0 +1,31 @@
+# Microsoft 365 / Entra ID
+
+## Tenant Info
+- Tenant ID: 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
+- Primary Domain: dataforth.com
+- Admin Portal: https://admin.microsoft.com
+
+## Entra ID (Azure AD)
+- Hybrid Joined: Yes — Azure AD Connect
+- Sync Account: MSOL_664594195fe2
+- Syncs From: OU=SyncedUsers
+- Does NOT Sync: OU=ServiceAccounts
+- Password Hash Sync: Unknown
+
+## Conditional Access Policies
+Deployed 2026-03-27, **report-only until April 4, 2026**:
+
+| Policy | Details |
+|--------|---------|
+| Require MFA | Skip from office IP 67.206.163.122 |
+| Block foreign sign-ins | US only, MFA-Travel-Bypass group for exceptions |
+| Block legacy authentication | Blocks all legacy auth protocols |
+
+## MFA Status
+- MFA-Ready: 19/38 users
+- Need to Register: 19 users
+- **Enforcement Date: April 4, 2026**
+
+## Notes
+- MFA-Travel-Bypass is likely an Entra ID group (not on-prem AD)
+- No custom security groups found in on-prem AD