sync: auto-sync from HOWARD-HOME at 2026-04-22 16:38:05

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 16:38:05

clients/cascades-tucson/docs/cloud/caregiver-m365-p2-rollout.md

@@ -37,7 +37,7 @@ Role flags: **CCG** = certified caregiver, **MedTech / MED TECH** = medication t
 | 8 | Bella Mendoza | bella.mendoza@ | PM | MC | Caregiver | 520-358-2000 |
 | 9 | Rosa Morales | rosa.morales@ | PM | MC | MedTech | 312-213-8780 |
 | 10 | Sandra Padilla | sandra.padilla@ | AM | Tower | MedTech / CCG | 520-585-3317 |
-| 11 | Polett Pinazavala | polett.pinazavala@ | AM | MC | MedTech | 520-449-5533 |
+| 11 | ~~Polett Pinazavala~~ *(departed 2026-04-22)* | — | — | — | — | — |
 | 12 | Whisper Reed | whisper.reed@ | Overnight | Tower | MedTech | 520-312-7575 |
 | 13 | Patricia Sandoval-Beck | patricia.sandoval-beck@ | AM | Tower | MedTech | 520-343-8093 |
 | 14 | Charity Sika | charity.sika@ | AM | MC | Caregiver | 623-251-8032 |
@@ -103,11 +103,11 @@ All UPNs above use the `@cascadestucson.com` suffix (standard).
 
 - **Christine Nyanzunda** — **Resolved 2026-04-22:** one person, one account. Existing `christine.nyanzunda@` mailbox covers both MC Admin role and her part-time Sun/Mon MedTech shifts. Do not create a second account.
 - **Paty Doran** — **Resolved 2026-04-22:** legal name `Patricia Camarena Doran`. Account will be `patricia.doran@`.
-- **Polett Pinazavala** — **Resolved 2026-04-22:** spelling confirmed; still employed. Setup declared in 2026-04-22 email: MedTech — Memory Care (Tue–Sat), D+P, ALIS=Y, Outside=N.
+- **Polett Pinazavala** — **Resolved 2026-04-22 (John's reply): departed.** Remove from roster. No AD/M365 account exists so no disable needed.
 - **Patricia Sandoval-Beck** — **Resolved 2026-04-22 (CSV inline note from Meredith):** hyphen is correct. SamAccountName may still need to be `Patricia.SandovalBeck` if ALIS/MDM reject hyphens — test during Wave 3.
 - **Ederick Yuzon** — **Still pending:** spelling asked in 2026-04-22 email.
 - **Maia Baker** — **Resolved 2026-04-22 (CSV inline note):** part-time, still employed.
-- **Reliable Agency shared logins (x2)** — new since 2026-04-22: John added two agency rows to the returned CSV without per-person names. Decision: two shared-login accounts, not per-person. Usernames pending (`reliable1@` / `reliable2@` proposed 2026-04-22).
+- **Reliable Agency shared logins (x2)** — **Resolved 2026-04-22 (John's reply): usernames `reliable1@` and `reliable2@` confirmed.** Shared-login accounts, not per-person. Create in Wave 1 alongside Alma/Kyla.
 
 ## Licensing plan (when ready — NOT now)
 
@@ -170,8 +170,8 @@ Group-policy impact: the `CSC - Folder Redirection (LE)` work done for Life Enri
 
 - [x] ~~Confirm Christine Nyanzunda is one person, not two~~ (resolved 2026-04-22 — one person, one account)
 - [x] ~~HR spelling confirmation on Paty Doran, Polett Pinazavala, Patricia Sandoval-Beck, Maia Baker~~ (all resolved 2026-04-22)
-- [ ] **Ederick Yuzon first-name spelling** — asked in 2026-04-22 email
-- [ ] **Reliable Agency shared-login short usernames** — asked in 2026-04-22 email (proposed `reliable1@` / `reliable2@`)
+- [ ] **Ederick Yuzon first-name spelling** — asked in 2026-04-22 email, still outstanding
+- [x] ~~Reliable Agency shared-login short usernames~~ (resolved 2026-04-22: reliable1/reliable2 confirmed)
 - [ ] Will caregivers use ALIS on the shared phones (need ALIS accounts + Entra SSO) or only email?
 - [ ] Does Cascades want to purchase 39 additional Business Premium licenses up-front, or roll out in waves (e.g., MedTechs first, then CCGs, then Caregivers)?
 - [ ] Confirm pfSense WAN IP(s) are static enough to rely on in a CA Named Location policy

clients/cascades-tucson/docs/cloud/cascades-staff-followup-2026-04-22.md

@@ -20,10 +20,20 @@ I will send a full list for you all to look over.
 
 *This is the copy of the email Howard sent to Meredith / John / Ashley on 2026-04-22. Full working list (the referenced follow-up) is `cascades-staff-working-list-2026-04-22.md`.*
 
-## Notes on what's being asked vs. declared
+## Reply from John (2026-04-22)
 
-- **#1 Britney** — open question. Howard confirmed she's still employed; Meredith/John need to specify phone-yes-or-no and outside-sign-in-yes-or-no.
-- **#2 Alma** — open question on role (admin / manager / other).
-- **#3 Polett** — NOT a question. Howard is declaring the setup he intends: D+P, ALIS=Y, Outside=N, MedTech Memory Care Tue–Sat. Meredith/John stop him if wrong.
-- **#4 Ederick** — open question on first-name spelling.
-- **#5 + #6 Agency** — open question on preferred short username. Howard's proposal: `reliable1` / `reliable2` rather than `reliable.agency.caregiver1/2`. These are treated as shared agency-login accounts rather than per-person accounts.
+> "I deleted all those people britney is gone poletge is gone i dont know why it keeps not saving things, Alma is d+p and alis /offsite, she is mc life enrichment"
+>
+> (separate email) "Reliable i would like just like that"
+
+### Resolution of each item
+
+- **#1 Britney Thompson — DEPARTED.** No longer an employee. Her existing AD account (`britney.thompson`) and M365 license (Business Standard + Exchange Online Essentials per `docs/cloud/m365.md`) need to be disabled and harvested.
+- **#2 Alma R Montt — ANSWERED.** D+P, ALIS=Y, Outside sign-in=Y. Title = "Memory Care Life Enrichment" (LE staff assigned to Memory Care residents — department stays Life Enrichment, title reflects the MC focus).
+- **#3 Polett Pinazavala — DEPARTED.** No longer an employee. Was not in AD/M365 yet — just remove from the roster. No license to harvest, no account to disable.
+- **#4 Ederick Yuzon — STILL PENDING.** John didn't address the spelling; assume he'll send a separate reply or we ping him again.
+- **#5 / #6 Agency — CONFIRMED.** Usernames `reliable1` and `reliable2` as proposed. Shared-login accounts for whichever Reliable Agency caregiver is on shift.
+
+### John's note about "keeps not saving things"
+
+John's comment suggests he tried editing the HTML questionnaire and saw edits disappear. The v2 editor uses localStorage + Export JSON — if he closed the browser without exporting (or edited in InPrivate mode), edits don't persist. Worth a follow-up at some point to make sure that's not blocking him from other inputs. Not urgent since we got the answers by email anyway.

clients/cascades-tucson/docs/cloud/cascades-staff-working-list-2026-04-22.md

@@ -42,7 +42,6 @@ Items marked **[?]** are the few things still needing a confirmation from you
 | Lois Lane | Health Services Director | lois.lane@cascadestucson.com | Y | Y |
 | Karen Rossini | Health Services Manager | karen.rossini@cascadestucson.com | Y | Y |
 | Veronica Feller | Care, AL Aide | veronica.feller@cascadestucson.com | Y | Y |
-| Britney Thompson | Memory Care Nurse | britney.thompson@cascadestucson.com | Y *(confirm)* | Y *(confirm)* |
 
 ## Memory Care
 
@@ -70,7 +69,7 @@ Items marked **[?]** are the few things still needing a confirmation from you
 |---|---|---|---|---|
 | Susan Hicks | Life Enrichment Director | susan.hicks@cascadestucson.com | Y | Y |
 | Sharon Edwards | Life Enrichment Assistant | sharon.edwards@cascadestucson.com | Y | N |
-| Alma R Montt | *(title TBD — see pending)* **[?]** | alma.montt@cascadestucson.com | Y | Y |
+| Alma R Montt | Memory Care Life Enrichment | alma.montt@cascadestucson.com | Y | Y |
 
 ## Culinary
 
@@ -93,13 +92,17 @@ Items marked **[?]** are the few things still needing a confirmation from you
 |---|---|---|---|---|
 | Lupe Sanchez *(aka Guadalupe)* | Housekeeping Director | lupe.sanchez@cascadestucson.com | Y | Y |
 
-## Transportation
+## Transportation (drivers)
+
+**Access decision 2026-04-22 (Howard):** Drivers stay on the roster for tracking but do NOT get IT access — they drive and use their personal phones for Google Maps, no email, no ALIS, no Cascades login. Existing AD accounts will be disabled; they remain employees on this list.
 
 | Name | Title | Email | Phone | Outside sign-in |
 |---|---|---|---|---|
-| Richard Adams | Driver | richard.adams@cascadestucson.com | Y *(phone only)* | N |
-| Julian Crim | Driver | julian.crim@cascadestucson.com | Y *(phone only)* | N |
-| Christopher Holick | Driver | christopher.holick@cascadestucson.com | Y *(phone only)* | N |
+| Richard Adams | Driver | — *(no account)* | N | N |
+| Julian Crim | Driver | — *(no account)* | N | N |
+| Christopher Holick | Driver | — *(no account)* | N | N |
+
+The `Transportation@` shared mailbox is a separate decision — confirm with Meredith whether to keep it for dispatch/scheduling emails or retire it once driver AD accounts are disabled.
 
 ---
 
@@ -168,48 +171,69 @@ All caregivers sign into the shared company-issued Android phones using their ow
 |---|---|---|---|---|
 | Ezekiel Huerta | Caregiver PRN — Tower | ezekiel.huerta@cascadestucson.com | Y | N |
 | Maia Baker | MedTech PRN — Memory Care | maia.baker@cascadestucson.com | Y | N |
-| Polett Pinazavala | MedTech — Memory Care *(Tue–Sat)* | polett.pinazavala@cascadestucson.com | Y | N |
 
-### Agency — shared-account logins **[?]** *(confirm short username)*
+### Agency — shared-account logins (confirmed 2026-04-22)
 
-These are shared logins used by whoever from Reliable Agency is covering a shift. Not tied to a specific person. Proposing short usernames rather than long `reliable.agency.caregiver1/2` — pending Meredith/John preference.
+Shared logins used by whoever from Reliable Agency is covering a shift. Not tied to a specific person. John confirmed `reliable1` and `reliable2` as the usernames.
 
 | Name | Role | Email | Phone | Outside sign-in |
 |---|---|---|---|---|
-| Reliable Agency shared login #1 | Agency caregiver | reliable1@cascadestucson.com *(proposed)* | Y | N |
-| Reliable Agency shared login #2 | Agency caregiver | reliable2@cascadestucson.com *(proposed)* | Y | N |
+| Reliable Agency shared login #1 | Agency caregiver | reliable1@cascadestucson.com | Y | N |
+| Reliable Agency shared login #2 | Agency caregiver | reliable2@cascadestucson.com | Y | N |
 
 ---
 
 ## Summary counts
 
+### Identities / accounts being created or kept
+
 | Category | Count |
 |---|---|
-| Office staff with outside sign-in (Admin, Sales, Clinical incl. Britney, MC, RS Director, LE, Culinary, Maintenance, Housekeeping) | 19 |
+| Office staff with outside sign-in | 18 |
 | Office staff in-building only (Allison, Sharon, Ramon, Matt) | 4 |
 | Shared front-desk receptionists | 4 |
 | Courtesy Patrol | 3 |
-| Drivers (phone-only) | 3 |
-| Caregivers / shift staff (incl. Polett) | 38 |
+| Caregivers / shift staff | 37 |
 | Agency shared logins | 2 |
-| **Total identities to set up** | **73** |
+| **Total active identities / mailboxes** | **68** |
 
-## Pending confirmations (marked [?] above)
+### Employees on the roster but no IT account
 
-Asked in the 2026-04-22 email:
+| Category | Count |
+|---|---|
+| Drivers (on roster, no IT access) | 3 |
 
-1. **Britney Thompson** — phone Y/N and outside sign-in Y/N? Existing account — just need the two flags.
-2. **Alma R Montt** — title / role? (Admin, manager, something else in Life Enrichment?)
-3. **Ederick Yuzon** — first-name spelling? (Ederick / Edrick / other?)
-4. **Reliable Agency shared logins** — short username preference? Proposing `reliable1` and `reliable2` rather than the long `reliable.agency.caregiver1/2`.
+### Departures (2026-04-22)
 
-**Declared (stop me if wrong):**
-- Polett Pinazavala set up as MedTech — Memory Care (Tue–Sat), Desktop+phone, ALIS, no outside sign-in.
+| Name | Action |
+|---|---|
+| Britney Thompson | Disable existing AD account, harvest M365 license (Business Standard + Exchange Online Essentials) |
+| Polett Pinazavala | Remove from roster (no existing account) |
 
-## Update 2026-04-22 (post-email)
+### Existing accounts to disable (drivers)
 
-- Polett's row above is the declared setup — if Meredith/John don't push back, this goes live with the rest of the caregiver wave.
-- Agency row emails are placeholders pending the short-username confirmation.
+| Account | Reason |
+|---|---|
+| `Richard.Adams` | Drivers no longer get IT access per 2026-04-22 decision |
+| `Julian.Crim` | Same |
+| `Christopher.Holick` | Same |
+
+## Resolved from John's 2026-04-22 reply
+
+- **Britney Thompson — DEPARTED.** Disable existing AD account and harvest Business Standard + Exchange Online Essentials license.
+- **Polett Pinazavala — DEPARTED.** Not in AD, no action needed other than removal from roster.
+- **Alma R Montt — ANSWERED.** Title "Memory Care Life Enrichment", D+P, ALIS=Y, Outside=Y.
+- **Agency usernames — CONFIRMED.** `reliable1` and `reliable2` as proposed.
+- **Drivers — NO ACCOUNTS.** Disable existing 3 AD accounts (Richard Adams, Julian Crim, Christopher Holick).
+
+## Still pending from Meredith/John
+
+1. **Ederick Yuzon — first-name spelling.** (Ederick / Edrick / other?)
+
+## Separate decisions from Meredith
+
+- Business Premium tenant-wide vs. mixed SKUs (purchase decision for the ~68 accounts).
+- What to do with `Transportation@` shared mailbox after driver accounts are disabled — keep for dispatch emails or retire.
 
 ## Policy summary
 

clients/cascades-tucson/docs/cloud/p2-staff-candidates.md

@@ -75,9 +75,11 @@ The CSV encodes access posture per person with three columns: **Access** (D / P
 
 Allison + Sharon are borderline — ALIS handling alone doesn't mandate P2, but if we go the "enforce building-only sign-in for anyone with ALIS access" route, they'd need P2 to carry the CA policy. Wait for the "restrict everyone or just some" decision before deciding.
 
-**Note on Britney Thompson:** Previously predicted as a likely P2 candidate, absent from the 2026-04-22 CSV return. **Confirmed 2026-04-22 (Howard) — still an employee; needs Desktop + possibly Phone access.** Treated as Office-PHI (external-OK) clinical staff for license math until Meredith specifies a different posture. Add to purchase count.
+**Note on Britney Thompson:** **Departed as of 2026-04-22 (per John's reply).** Disable existing `britney.thompson` AD account and harvest the Business Standard + Exchange Online Essentials license. Not in any license purchase count going forward.
 
-**Note on Polett Pinazavala:** On the original 2026-04-18 caregiver roster, absent from the 2026-04-22 CSV return. **Confirmed 2026-04-22 (Howard) — still employed.** Full setup declared in the 2026-04-22 email to Meredith/John: MedTech — Memory Care (Tue–Sat), D+P, ALIS=Y, Outside=N. Counts as one Business Premium license in the caregiver total (not office P2).
+**Note on Polett Pinazavala:** **Departed as of 2026-04-22 (per John's reply).** Not in AD/M365 — no disable needed, just removed from roster. Not in any license count.
+
+**Note on drivers (Richard Adams, Julian Crim, Christopher Holick):** **No IT access per 2026-04-22 decision (Howard).** Disable the 3 existing AD accounts. Not in any license count. Stay on the working roster for employee tracking only.
 
 **Shared-PC receptionists** (D only, no Outside, no ALIS): Cathy Kingston, Shontiel Nunn, Kyla Quick Tiffany, Michelle Shestko — four people on shared front-desk PCs. No individual P2 needed; their story is shared-account vs individual-account, not P2.
 
@@ -105,16 +107,19 @@ No answer yet. This decision directly changes the license count and the CA polic
 
 | Scenario | Qty | Notes |
 |---|---|---|
-| Confirmed P2-needed (Outside=Y + ALIS=Y office staff from CSV) | **19** | See table above |
-| + Britney Thompson (confirmed 2026-04-22, CSV-omitted, clinical PHI) | **20** | Office-PHI tier |
-| Add borderline (Outside=N + ALIS=Y: Allison + Sharon) | **22** | Only if we pick "restrict-everyone-with-ALIS" posture |
-| All staff (if "restrict everyone" decision) | ~32 office + 40 caregivers (incl. Polett) | Full headcount including the two CSV-omitted returnees |
+| Office staff with Outside=Y (Office-PHI external-OK) | **18** | Includes Alma. Britney removed (departed). |
+| + Office Outside=N + ALIS=Y (Allison Reibschied, Sharon Edwards) | **20** | Need CA coverage even in building-only posture |
+| + Matt Brooks (dual-dept, ALIS=Y) | **21** | Per rollout plan §3 |
+| All licensed seats under building-only-default | 21 office + 3 Courtesy Patrol + 4 Reception + 37 caregivers + 2 agency = **67** | Plus Ramon Castaneda for office non-PHI = **68** total active identities |
 
 ## Action items
 
 - [x] ~~Follow up with John Trozzi on the gathering — he owes us the list~~ (received 2026-04-22 via CSV)
 - [ ] Push Meredith for the "restrict everyone or just some" decision — still unanswered as of 2026-04-22
-- [ ] Resolve remaining email questions (see `clients/cascades-tucson/docs/cloud/cascades-staff-followup-2026-04-22.md`): Britney phone+outside flags, Alma R Montt title, Ederick Yuzon spelling, agency shared-login username preference
+- [x] ~~Britney phone+outside flags~~ (resolved 2026-04-22: departed)
+- [x] ~~Alma R Montt title~~ (resolved 2026-04-22: Memory Care Life Enrichment, D+P/Y/Y)
+- [x] ~~Agency shared-login username preference~~ (resolved 2026-04-22: reliable1/reliable2 confirmed)
+- [ ] **Ederick Yuzon spelling** — only remaining question from the 2026-04-22 follow-up email
 - [ ] Decide: standalone P2 add-on for the 19 OR move those users to Business Premium OR move whole tenant to Business Premium (default recommendation: Premium tenant-wide)
 - [ ] Build CA policy `CSC - Office Staff PHI Access` separate from the caregiver mobile policy
 - [ ] Remember to REMOVE Tamra's license + CA exclusion on her departure date (June 2026 — confirmed)

clients/cascades-tucson/docs/cloud/questionnaires/cascades-staff-editor-2026-04-22.html

@@ -253,7 +253,6 @@ const INITIAL = {
     ["Lois Lane","Health Services Director","Care, Assisted Living (Nursing / Clinical)","D+P",true,true,""],
     ["Karen Rossini","Health Services Manager","Care, Assisted Living (Nursing / Clinical)","D+P",true,true,""],
     ["Veronica Feller","Care, Assisted Living Aide","Care, Assisted Living (Nursing / Clinical)","D+P",true,true,""],
-    ["Britney Thompson","Memory Care Nurse","Care, Assisted Living (Nursing / Clinical)","D+P",true,true,"[?] Phone Y/N and outside sign-in Y/N? Currently assumed D+P with outside sign-in — flip the flags if that's wrong."],
 
     // Care, Memory Care
     ["Shelby Trozzi","Memory Care Director","Care, Memory Care","D+P",true,true,""],
@@ -272,7 +271,7 @@ const INITIAL = {
     // Life Enrichment
     ["Susan Hicks","Life Enrichment Director","Life Enrichment","D+P",true,true,""],
     ["Sharon Edwards","Life Enrichment Assistant","Life Enrichment","D+P",false,true,""],
-    ["Alma R Montt","","Life Enrichment","D+P",true,true,"[?] What's her title / role — admin, manager, or something else in Life Enrichment? Please type it into the Title box."],
+    ["Alma R Montt","Memory Care Life Enrichment","Life Enrichment","D+P",true,true,"Confirmed by John 2026-04-22: D+P, ALIS, offsite. LE staff assigned to Memory Care residents."],
 
     // Culinary
     ["JD Martin","Culinary Director","Culinary","D+P",true,true,""],
@@ -286,10 +285,11 @@ const INITIAL = {
     // Housekeeping
     ["Lupe Sanchez","Housekeeping Director","Housekeeping","D+P",true,true,"AKA Guadalupe Sanchez"],
 
-    // Transportation
-    ["Richard Adams","Driver","Transportation","P",false,false,"Phone only"],
-    ["Julian Crim","Driver","Transportation","P",false,false,"Phone only"],
-    ["Christopher Holick","Driver","Transportation","P",false,false,"Phone only"],
+    // Transportation — on the roster for tracking but no IT access (2026-04-22 Howard decision).
+    // Existing AD accounts will be disabled.
+    ["Richard Adams","Driver","Transportation","",false,false,"No IT access — drivers use personal phones for Google Maps. Existing AD account will be disabled."],
+    ["Julian Crim","Driver","Transportation","",false,false,"No IT access — drivers use personal phones for Google Maps. Existing AD account will be disabled."],
+    ["Christopher Holick","Driver","Transportation","",false,false,"No IT access — drivers use personal phones for Google Maps. Existing AD account will be disabled."],
 
     // Caregivers (shift staff) — Tue–Sat
     ["Thelma Abainza","Caregiver — Tower (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
@@ -302,7 +302,6 @@ const INITIAL = {
     ["Bella Mendoza","Caregiver — Memory Care (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
     ["Rosa Morales","MedTech — Memory Care (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
     ["Sandra Padilla","MedTech / CCG — Tower (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
-    ["Polett Pinazavala","MedTech — Memory Care (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,"Confirmed still employed 2026-04-22. Setup declared: D+P, ALIS, no outside sign-in."],
     ["Whisper Reed","MedTech — Tower overnight (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
     ["Patricia Sandoval-Beck","MedTech — Tower (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
     ["Charity Sika","Caregiver — Memory Care (Tue–Sat)","Caregivers (shift staff)","D+P",false,true,""],
@@ -341,9 +340,9 @@ const INITIAL = {
     ["Ezekiel Huerta","Caregiver PRN — Tower","Caregivers (shift staff)","D+P",false,true,""],
     ["Maia Baker","MedTech PRN — Memory Care","Caregivers (shift staff)","D+P",false,true,"Part-time (confirmed)"],
 
-    // Caregivers — agency shared-login accounts
-    ["Reliable Agency shared login #1","Agency caregiver","Caregivers (shift staff)","D+P",false,true,"[?] Shared login (not per-person — whoever from Reliable is on shift signs in). Please confirm short username preference: proposing reliable1@ rather than the long reliable.agency.caregiver1@."],
-    ["Reliable Agency shared login #2","Agency caregiver","Caregivers (shift staff)","D+P",false,true,"[?] Shared login (not per-person — whoever from Reliable is on shift signs in). Please confirm short username preference: proposing reliable2@ rather than the long reliable.agency.caregiver2@."],
+    // Caregivers — agency shared-login accounts (usernames confirmed by John 2026-04-22)
+    ["Reliable Agency shared login #1","Agency caregiver","Caregivers (shift staff)","D+P",false,true,"Shared login — whoever from Reliable Agency is on shift signs in. Username: reliable1@cascadestucson.com (confirmed by John)."],
+    ["Reliable Agency shared login #2","Agency caregiver","Caregivers (shift staff)","D+P",false,true,"Shared login — whoever from Reliable Agency is on shift signs in. Username: reliable2@cascadestucson.com (confirmed by John)."],
   ]
 };
 const CAREGIVER_DEPT = "Caregivers (shift staff)";

clients/cascades-tucson/docs/cloud/user-account-rollout-plan.md

@@ -22,16 +22,18 @@ Build every person on the 2026-04-22 CSV into a consistent AD + M365 identity, l
 
 | Persona | Access | Outside | ALIS | Count | Examples |
 |---|---|---|---|---|---|
-| **Office-PHI (external-OK)** | D+P | Y | Y | 19 | Meredith, Megan, Lois, Susan, JD, John Trozzi, Lupe |
+| **Office-PHI (external-OK)** | D+P | Y | Y | 18 | Meredith, Megan, Lois, Susan, Alma, JD, John Trozzi, Lupe |
 | **Office-PHI (in-building)** | D+P | N | Y | 2 | Allison Reibschied, Sharon Edwards |
 | **Office non-PHI (in-building)** | D+P | N | N | 1 | Ramon Castaneda |
+| **Maintenance (in-building PHI)** | D+P | N | Y | 1 | Matt Brooks |
 | **Courtesy Patrol** | D+P | N | N | 3 | Sebastian Leon, Sheldon Gardfrey, Ray Rai |
 | **Shared-PC Reception** | D | N | N | 4 | Cathy, Shontiel, Kyla, Michelle |
-| **Driver (phone-only)** | P | N | N | 3 | Richard Adams, Julian Crim, Christopher Holick |
 | **Caregiver (shared-phone)** | D+P | N | Y | 37 | See caregiver-m365-p2-rollout.md |
-| **Agency placeholder** | D+P | N | Y | 2 | "Reliable Agency 1/2" |
+| **Agency shared login** | D+P | N | Y | 2 | `reliable1`, `reliable2` |
+| **Driver (no IT access)** | — | — | — | 3 | Richard Adams, Julian Crim, Christopher Holick — on roster for tracking, existing AD accounts to be disabled |
+| **Departed (disable/remove)** | — | — | — | 2 | Britney Thompson (has AD+M365, must be disabled), Polett Pinazavala (no account, just remove from roster) |
 
-(Totals: 71 including agency placeholders. Office: 29, Reception: 4, Drivers: 3, Caregivers: 37 + 2 agency = 39. One person — Christine Nyanzunda — sits in two personas: MC Admin + part-time MedTech, one account, caregiver-tier controls apply when on shift.)
+(Identities to create or keep active: **68**. Roster-only-no-account: 3 drivers. Departures: Britney + Polett. Christine Nyanzunda sits in one persona — Office-PHI — with her caregiver-shift sign-in handled via exception group if needed.)
 
 ## 3. License mapping per persona
 
@@ -44,21 +46,21 @@ Build every person on the 2026-04-22 CSV into a consistent AD + M365 identity, l
 |---|---|---|
 | Office-PHI (external-OK) | **Business Premium** | CA: compliant device OR trusted location |
 | Office-PHI (in-building) | **Business Premium** | CA: trusted location only |
-| Office non-PHI (in-building) | Business Standard (or Premium if tenant-wide) | CA: trusted location only if we go that route |
+| Office non-PHI (in-building) | Business Standard (or Premium if tenant-wide) | CA: trusted location only |
+| Maintenance PHI (Matt Brooks) | **Business Premium** | MC-adjacent role, ALIS=Y |
 | Courtesy Patrol | Business Standard | Could be F3 if they don't need full desktop Office; confirm with Meredith |
 | Shared-PC Reception | Business Standard | Frontdesk@ stays as shared mailbox, named accounts read it |
-| Driver (phone-only) | **F3** | Phone-tier, no desktop install, Transportation@ shared mailbox |
 | Caregiver | **Business Premium** | Per `caregiver-m365-p2-rollout.md` — P2 is load-bearing for shared-phone CA |
-| Agency placeholder | Do not license | Create AD-only accounts if they need ALIS web login; otherwise omit |
+| Agency shared login | **Business Premium** | Same CA posture as caregivers (shared-phone, building-only) |
+| Driver | **None** | No IT access — accounts disabled. License previously used (if any) harvested. |
+| Britney Thompson (departing) | **None** (harvest) | Disable account, free Business Standard + Exchange Online Essentials |
 
 Expected license count at full rollout:
-- Business Premium: 19 (office PHI ext) + 2 (office PHI int) + 37 caregivers = **58**
-- Business Standard: 1 + 3 courtesy + 4 reception = **8**
-- F3: 3 drivers = **3**
+- Business Premium: 18 (office PHI ext) + 2 (office PHI int) + 1 (Matt) + 37 caregivers + 2 agency = **60**
+- Business Standard: 1 (Ramon) + 3 courtesy + 4 reception = **8**
+- F3: 0 (drivers no longer need accounts)
 
-Totals bracket the `p2-staff-candidates.md` estimate of ~61 Premium.
-
-**Post-2026-04-22 update:** With the building-only-by-default CA decision confirmed, every licensed user needs Entra P1 coverage (either via Business Premium, or Business Standard + standalone Entra P1, or F3 + standalone Entra P1). Without P1, CA policies don't apply and the user sidesteps the default-deny. This effectively collapses the mixed-SKU table above into a recommendation for **Business Premium tenant-wide** — the Business Standard and F3 rows stay in the table only as a reference for what we'd buy if budget forces unbundling. Proceed with Premium-tenant-wide unless Meredith pushes back.
+**Post-2026-04-22 update:** With the building-only-by-default CA decision confirmed, every licensed user needs Entra P1 coverage (either via Business Premium, or Business Standard + standalone Entra P1). Without P1, CA policies don't apply and the user sidesteps the default-deny. This effectively collapses the mixed-SKU table above into a recommendation for **Business Premium tenant-wide (~68 seats)** — the Business Standard rows stay in the table only as a reference for what we'd buy if budget forces unbundling. Proceed with Premium-tenant-wide unless Meredith pushes back. Britney's harvested Business Standard + Exchange Online Essentials license plus any freed driver licenses go back into the pool to offset the Premium purchase.
 
 ## 4. AD OU + group layout (proposed)
 
@@ -104,7 +106,7 @@ This collapses the earlier per-persona policy matrix into two primary CA policie
 | `CSC - Caregivers Shared Phone` | `SG-Caregivers` | Already designed per `caregiver-m365-p2-rollout.md` (shared-phone Intune + named location) |
 | `CSC - Drivers Phone-Only` | `SG-Drivers` | Require compliant Intune-managed phone; no web fallback. Drivers added to `SG-External-Signin-Allowed` as well if they need off-site phone access. |
 
-**Initial `SG-External-Signin-Allowed` membership** — seed from the CSV's Outside=Y column. All 19 office-PHI staff plus Britney Thompson (pending posture confirmation). Everyone else stays on the default building-only policy until Meredith adds them.
+**Initial `SG-External-Signin-Allowed` membership** — seed from the CSV's Outside=Y column, post-2026-04-22 updates. All 18 office-PHI staff (including Alma R Montt). Everyone else stays on the default building-only policy until Meredith adds them. Britney is no longer on this list — she departed 2026-04-22.
 
 **Named location "Cascades Building":** Define once, reuse. Use the site's public IP range(s) from pfSense NAT (`clients/cascades-tucson/pfsense-firewall.sops.yaml`).
 
@@ -118,15 +120,16 @@ These must be resolved before creating or converting accounts. See also `cascade
 
 | Discrepancy | Status | Action |
 |---|---|---|
-| **Britney Thompson** — in AD (enabled, Memory Care Nurse), NOT on returned CSV | **Resolved 2026-04-22 (Howard) — still employed. Desktop + maybe Phone.** | Keep existing AD account. Treat as Office-PHI / clinical (D+P, ALIS=Y). Confirm phone tier and Outside posture with Meredith. |
-| **Polett Pinazavala** — on 2026-04-18 caregiver roster, NOT on returned CSV | **Resolved 2026-04-22 (Howard) — still employed. Setup declared in email: MedTech — Memory Care (Tue–Sat), D+P, ALIS=Y, Outside=N.** | Keep on caregiver roster. Include in Wave 3 caregiver account creation unless Meredith/John push back on the declared setup. |
+| **Britney Thompson** — in AD (enabled, Memory Care Nurse) | **RESOLVED 2026-04-22 (John's reply) — DEPARTED.** | Disable AD account `britney.thompson`. Convert mailbox to shared (or archive + delete). Remove Business Standard + Exchange Online Essentials license (harvested). Remove from any security groups. |
+| **Polett Pinazavala** — was on 2026-04-18 caregiver roster | **RESOLVED 2026-04-22 (John's reply) — DEPARTED.** | Remove from roster. No existing account — no AD/M365 action needed. |
+| **Drivers (Richard Adams, Julian Crim, Christopher Holick)** — all have AD accounts + Transportation@ shared mailbox | **Decision 2026-04-22 (Howard) — drivers no longer get IT access.** | Disable the 3 AD accounts. Keep them on the working roster for employee tracking. Separate decision: keep or retire `Transportation@` shared mailbox — ask Meredith. |
 | **Christine Nyanzunda** — one person, MC Admin + part-time Sun/Mon MedTech | **Resolved 2026-04-22 (Howard) — one account covers both roles.** | Single account in `OU=Care-MemoryCare`. Default building-only CA policy. When she's covering a MedTech shift she logs into the shared MC phone with her own account. If that sign-in gets blocked by the shared-phone CA, add her to a specific exception group rather than splitting into two accounts. |
-| **Alma R Montt** — on CSV (Life Enrichment), NOT in AD, title blank | **Username assigned 2026-04-22 (Howard): `Alma.Montt`.** Title still pending Meredith. | Create AD account at `Alma.Montt` (UPN `alma.montt@cascadestucson.com`). Populate title once Meredith answers. |
-| **Kyla Quick Tiffany** — on CSV and in AD "needs account" list | **Username assigned 2026-04-22 (Howard, per Kyla's preference): `Kyla.QuickTiffany`** — last name treated as a single word. | Create AD account at `Kyla.QuickTiffany` (UPN `kyla.quicktiffany@cascadestucson.com`). Persona: Shared-PC Reception. |
-| **Ederick Yuzon** — spelling not confirmed | Still pending Meredith. | Block on creation; use `Ederick.Yuzon` tentatively if Meredith confirms. |
+| **Alma R Montt** — on CSV (Life Enrichment), NOT in AD | **RESOLVED 2026-04-22 (John's reply).** Username `Alma.Montt`, title "Memory Care Life Enrichment", D+P, ALIS=Y, Outside=Y. LE staff assigned to Memory Care residents — stays in `OU=Life Enrichment`. | Create AD account `Alma.Montt` (UPN `alma.montt@cascadestucson.com`). Add to SG-External-Signin-Allowed (Outside=Y). |
+| **Kyla QuickTiffany** — on CSV and in AD "needs account" list | **Resolved 2026-04-22 (Howard, per Kyla's preference): `Kyla.QuickTiffany`** — last name treated as a single word. | Create AD account `Kyla.QuickTiffany` (UPN `kyla.quicktiffany@cascadestucson.com`). Persona: Shared-PC Reception. Building-only, no outside sign-in. |
+| **Ederick Yuzon** — spelling not confirmed | **Still pending Meredith/John.** | Block on creation of his caregiver account only. Everyone else proceeds. Tentative: `Ederick.Yuzon` if needed to unblock Wave 3. |
 | **Matt Brooks** — AD dept = Maintenance, CSV note "works in both departments" | Confirmed (CSV-inline). | Keep in Maintenance OU; add to secondary MC group for access overlap. |
 | **37 caregivers** — on CSV, none in AD | Unchanged. | Create all 37 AD accounts (+ M365) in Wave 3. |
-| **2 agency placeholders** — on CSV, not in AD | **Decision 2026-04-22 (Howard, asked Meredith for username preference):** shared agency-login accounts, not per-person. Proposed usernames `reliable1@` and `reliable2@` (fallback to `reliable.agency.caregiver1/2@` if Meredith prefers long form). | Create 2 shared AD/M365 accounts once username preference comes back. Shared accounts = caveat on audit attribution — whoever is on shift uses the shared login, so individual accountability in audit logs is weaker for agency staff. Acceptable tradeoff given we don't have agency-staff names. |
+| **2 agency placeholders** — on CSV, not in AD | **RESOLVED 2026-04-22 (John's reply) — usernames `reliable1` / `reliable2` confirmed. Shared logins, not per-person.** | Create 2 shared AD/M365 accounts: `reliable1@cascadestucson.com` and `reliable2@cascadestucson.com`. Audit attribution caveat: individual accountability in sign-in logs is weaker because multiple people share the account. Acceptable tradeoff. |
 | **Generic AD accounts** (`Culinary`, `RECEPTIONIST`, `saleshare`, `directoryshare`) | Unchanged. | Phase 5 cleanup after named-account coverage. |
 
 **Username convention for new accounts:** TitleCase `First.Last` (e.g., `Alma.Montt`, `Kyla.QuickTiffany`). Existing lowercase exceptions in AD (`britney.thompson`, `karen.rossini`, `lauren.hasselman`) are the known legacy cases — leave as-is, don't rename. All net-new accounts follow TitleCase.
@@ -134,13 +137,18 @@ These must be resolved before creating or converting accounts. See also `cascade
 ## 7. Rollout sequence
 
 ### Wave 0 — Pre-flight (blocks waves 1+)
-- Get answers to the 4 remaining email questions: Britney flags, Alma title, Ederick spelling, agency short-username preference
+- **Ederick Yuzon spelling** — only remaining email blocker. Blocks Wave 3 only (his caregiver account); does NOT block Waves 1/2.
 - Final license decision (Business Premium tenant-wide vs. mixed) — recommendation is Premium tenant-wide, needs Meredith sign-off
 - Purchase license count locked in
 
-### Wave 1 — New office accounts (low blast radius)
-- Create AD + M365 for Alma R Montt (`Alma.Montt`) and Kyla QuickTiffany (`Kyla.QuickTiffany`) — the only new office/reception accounts the CSV produces
-- Validate group membership + CA policy assignment on these two before touching anyone else
+### Wave 1 — Departures + new office accounts (ready to execute)
+- Disable `britney.thompson` AD account; convert mailbox to shared; harvest Business Standard + Exchange Online Essentials license
+- Disable 3 driver AD accounts (`Richard.Adams`, `Julian.Crim`, `Christopher.Holick`)
+- Ask Meredith whether to keep or retire `Transportation@` shared mailbox
+- Create AD + M365 for Alma R Montt (`Alma.Montt` — Memory Care Life Enrichment, D+P, ALIS=Y, Outside=Y)
+- Create AD + M365 for Kyla QuickTiffany (`Kyla.QuickTiffany` — Shared-PC Reception, D only, building-only)
+- Create AD + M365 for `reliable1@` and `reliable2@` (shared agency logins, D+P, ALIS=Y, building-only)
+- Validate group membership + CA policy assignment on the new accounts before moving to Wave 2
 - Pilot the `CSC - Building Only (Default)` policy with Kyla
 
 ### Wave 2 — Existing office accounts, reassignment only
@@ -180,21 +188,19 @@ Applies to Wave 1 + Wave 3 (and any future hire). Precise script will be built l
 
 ## 10. Open decisions blocking the rollout
 
-1. **Business Premium tenant-wide vs. mixed SKUs** — Meredith, tied to the upgrade proposal. Building-only-by-default decision reinforces Premium tenant-wide (see §5).
-2. **Britney Thompson phone Y/N + Outside Y/N** — Meredith/John, asked in the 2026-04-22 email.
-3. **Alma R Montt title** — Meredith/John, asked in the 2026-04-22 email (admin / manager / other in LE?).
-4. **Ederick Yuzon spelling** — Meredith/John, asked in the 2026-04-22 email.
-5. **Agency shared-login short username** — Meredith/John, asked in the 2026-04-22 email (proposed `reliable1` / `reliable2`).
-6. **Drivers: F3 or Business Standard?** — Meredith (cost vs. Office install need). Drivers need allow-list membership to sign in off-site, so whichever tier must include P1 for CA coverage (F3 does not; Business Premium or Business Standard + Entra P1 add-on required).
+1. **Business Premium tenant-wide vs. mixed SKUs** — Meredith, tied to the upgrade proposal. Building-only-by-default decision reinforces Premium tenant-wide (see §5). **Only remaining BIG decision.**
+2. **Ederick Yuzon spelling** — Meredith/John, asked in the 2026-04-22 email and not yet answered. Only blocks Ederick's own account creation, not the rest of Wave 3.
+3. **Transportation@ shared mailbox** — keep for dispatch/scheduling emails or retire once driver AD accounts are disabled?
 
-**Resolved 2026-04-22 (Howard):**
+**Resolved 2026-04-22:**
 - Restrict-everyone default vs. selective → **building-only by default, allow-list for exceptions** (§5).
 - Christine Nyanzunda → one account covers both roles.
-- Kyla Quick Tiffany username → `Kyla.QuickTiffany` (her preference — confirmed by Howard).
-- Alma R Montt username → `Alma.Montt`.
-- Britney Thompson → still employed; stays in AD. Access-posture flags still open.
-- Polett Pinazavala → still employed. Declared setup (D+P, ALIS=Y, Outside=N, MedTech Memory Care Tue–Sat) announced in 2026-04-22 email; will proceed unless Meredith/John push back.
-- Agency placeholders → shared-login accounts (not per-person). Username short-form proposed but preference still open.
+- Kyla → `Kyla.QuickTiffany` (her preference).
+- Alma R Montt → `Alma.Montt`, title "Memory Care Life Enrichment", D+P, ALIS=Y, Outside=Y (answered by John).
+- Britney Thompson → **departed (John)**. Disable AD + harvest license.
+- Polett Pinazavala → **departed (John)**. Remove from roster.
+- Agency shared logins → usernames `reliable1` / `reliable2` (confirmed by John).
+- Drivers → no IT access per Howard. Disable 3 AD accounts. Stay on roster for tracking.
 
 ## 11. Related docs
 

clients/cascades-tucson/docs/servers/active-directory.md

@@ -38,16 +38,16 @@
 | Ramon Castaneda | Ramon.Castaneda | Kitchen Manager | Culinary | first.last@ | |
 | Michelle Shestko | Michelle.Shestko | Resident Services Receptionist | Resident Services | MC Front Desk | |
 | Sharon Edwards | Sharon.Edwards | Life Enrichment Assistant | Life Enrichment | first.last@ | PC: DESKTOP-DLTAGOI |
-| Britney Thompson | britney.thompson | Memory Care Nurse | Care, Assisted Living | first.last@, Nurses@ | lowercase SamAccountName |
+| Britney Thompson | britney.thompson | Memory Care Nurse | Care, Assisted Living | first.last@, Nurses@ | **DEPARTED 2026-04-22 per John — disable account + harvest license** |
 | Shelby Trozzi | Shelby.Trozzi | Memory Care Director | Care, Memory Care | first.last@ | Renamed from strozzi (2026-04-13) |
 | Karen Rossini | karen.rossini | Health Services Manager | Care, Assisted Living | first.last@, Nurses@ | lowercase SamAccountName |
 | Sheldon Gardfrey | Sheldon.Gardfrey | RS Courtesy Patrol | Resident Services | Frontdesk@, Courtesypatrol@ | |
 | Cathy Kingston | Cathy.Kingston | Resident Services Receptionist | Resident Services | Frontdesk@ | |
 | Shontiel Nunn | Shontiel.Nunn | Resident Services Receptionist | Resident Services | Frontdesk@ | |
 | Ray Rai | Ray.Rai | RS Courtesy Patrol | Resident Services | Frontdesk@ | |
-| Richard Adams | Richard.Adams | Driver | Transportation | Transportation@ | |
-| Julian Crim | Julian.Crim | Driver | Transportation | Transportation@ | |
-| Christopher Holick | Christopher.Holick | Driver | Transportation | Transportation@ | Fixed from Holik (2026-04-13) |
+| Richard Adams | Richard.Adams | Driver | Transportation | Transportation@ | **2026-04-22: disable — drivers no longer get IT access** |
+| Julian Crim | Julian.Crim | Driver | Transportation | Transportation@ | **2026-04-22: disable — drivers no longer get IT access** |
+| Christopher Holick | Christopher.Holick | Driver | Transportation | Transportation@ | Fixed from Holik (2026-04-13). **2026-04-22: disable — drivers no longer get IT access** |
 | Lauren Hasselman | lauren.hasselman | Business Office Director | Administrative | first.last@, Accounting@ | Replaced Jeff Bristol. lowercase SamAccountName |
 | Allison Reibschied | Allison.Reibschied | Accounting Assistant | Administrative | first.last@ | Added 2026-03-13. PC: ACCT2-PC |
 | QBDataServiceUser34 | QBDataServiceUser34 | — | — | — | QuickBooks service account |

clients/cascades-tucson/scripts/build-open-questions-docx.py

@@ -10,55 +10,19 @@ from xml.sax.saxutils import escape
 
 OUT = "clients/cascades-tucson/docs/cloud/questionnaires/cascades-staff-open-questions-2026-04-22.docx"
 
-TITLE = "Cascades — Open Items on Staff Access List"
-SUBTITLE = "2026-04-22  ·  prepared by Howard Enos, Computer Guru  ·  matches the 2026-04-22 email"
+TITLE = "Cascades — One Outstanding Item on Staff Access List"
+SUBTITLE = "2026-04-22  ·  prepared by Howard Enos, Computer Guru  ·  post John's reply"
 
 INTRO = (
-    "Thank you for sending back the staff list. Almost everything is squared away. "
-    "Below are the few items I still need from you. One of them (Polett) is NOT a "
-    "question — it is the setup I am planning to use; stop me if it's wrong. The rest "
-    "are questions. Short answers are fine. I will send a full list for you all to "
-    "look over separately."
+    "Thank you for getting back to me on the staff list — almost everything is squared "
+    "away now. Britney and Polett have been removed from the roster (no longer employees), "
+    "Alma's title and access are set (Memory Care Life Enrichment, D+P, ALIS, offsite), "
+    "and the two Reliable Agency shared logins will use the short names reliable1 and "
+    "reliable2 as you requested. Drivers will stay on the roster for tracking but no "
+    "longer get Cascades IT accounts. There is one small item still outstanding — see below."
 )
 
 QUESTIONS = [
-    {
-        "name": "Britney Thompson",
-        "dept": "Assisted Living Nursing / Clinical",
-        "context": (
-            "Britney has an active Active Directory account today as Memory Care Nurse. "
-            "She was not on the staff list you returned; Howard has confirmed she is still "
-            "an employee, so the account stays active. I just need the two flags below."
-        ),
-        "questions": [
-            "Phone — Y or N? (Does she need a Cascades-issued phone / business cell, in addition to a desktop?)",
-            "Outside sign-in — Y or N? (Default for everyone is N / building-only. Mark Y only if she legitimately works off-site.)",
-        ],
-    },
-    {
-        "name": "Alma R Montt",
-        "dept": "Life Enrichment",
-        "context": (
-            "Alma was on the returned list but the Title / Role column was blank. "
-            "I see she is in Life Enrichment — is she an admin, manager, or something else?"
-        ),
-        "questions": [
-            "What is Alma's title or role? (It will go on her account and email signature.)",
-        ],
-    },
-    {
-        "name": "Polett Pinazavala  —  NOT a question, just a heads-up",
-        "dept": "Caregivers (Memory Care, MedTech, Tue–Sat)",
-        "context": (
-            "Polett was on an earlier caregiver roster (MedTech, Memory Care, AM shift) but she was "
-            "not on the list you sent back. Howard has confirmed she is still an employee. Unless you "
-            "tell me otherwise, this is the setup she will get:"
-        ),
-        "questions": [
-            "MedTech — Memory Care (Tue–Sat), Desktop + phone, ALIS access, NO outside sign-in. "
-            "Stop me below if any of that is wrong — otherwise no action needed.",
-        ],
-    },
     {
         "name": "Ederick Yuzon",
         "dept": "Caregivers (Tower, Tue–Sat)",
@@ -69,34 +33,12 @@ QUESTIONS = [
             "Is his first name spelled \"Ederick\", \"Edrick\", or something else?",
         ],
     },
-    {
-        "name": "Reliable Agency caregiver #1 (shared login)",
-        "dept": "Caregivers — Agency",
-        "context": (
-            "John added this agency row without a specific person's name, so I am treating it as a "
-            "shared login — whichever Reliable Agency caregiver is on shift signs in with this account. "
-            "That works, but I want to keep the username short."
-        ),
-        "questions": [
-            "What short username would you like for this shared account? "
-            "`reliable.agency.caregiver1` is long — I can use `reliable1` instead. OK, or prefer something else?",
-        ],
-    },
-    {
-        "name": "Reliable Agency caregiver #2 (shared login)",
-        "dept": "Caregivers — Agency",
-        "context": (
-            "Same situation as #1."
-        ),
-        "questions": [
-            "Short username for the second shared agency login? Proposed: `reliable2`.",
-        ],
-    },
 ]
 
 CLOSING = (
-    "Once I have these answers back, I will set up every account in one pass and let you know "
-    "when they are ready for the users to sign in. Thank you!"
+    "Once that spelling is confirmed I will build every caregiver account in one pass. "
+    "The rest of the setup (Alma, Kyla, the two Reliable shared logins, and disabling "
+    "Britney's + the three driver accounts) is ready to start. Thank you!"
 )
 
 # -----------------------------------------------------------------------------