wiki: compile starr-pass (seed) — M365 onboarding, SPF cleanup, user audit 2026-06-10

wiki/clients/starr-pass.md

@@ -0,0 +1,115 @@
+---
+type: client
+name: starr-pass
+display_name: Starr Pass Realty
+last_compiled: 2026-06-10
+compiled_by: 2026-06-10-discord-bot-dns-spf-m365-onboarding
+sources:
+  - clients/starr-pass/session-logs/2026-06/2026-06-10-discord-bot-dns-spf-m365-onboarding.md
+  - session-logs/2026-03-24-session.md
+backlinks:
+  - systems/ix-server
+  - clients/internal-infrastructure
+  - projects/msp-tools
+---
+
+# Starr Pass Realty
+
+## Profile
+- **Contract type:** (verify)
+- **Key contacts:**
+  - Brian Shinn — primary M365 admin (sysadmin@starrpass.com)
+  - Chris Ansley — legacy Neptune mailbox / AD account (cansley@devconllc.com)
+- **Billing rate:** (verify)
+- **Hours remaining (if prepaid):** (verify)
+- **Active ticket:** (verify)
+
+## Infrastructure
+
+### Servers & Services
+| Host | IP | Role | OS | Notes |
+|---|---|---|---|---|
+| ix.azcomputerguru.com | 72.194.62.5 | Shared hosting (cPanel) | Rocky Linux | Account "starrpass"; parked, 16 MB, no active mailboxes |
+| mail.acghosting.com | (verify) | Neptune Exchange (legacy) | (verify) | Legacy mailbox cansley@devconllc.com; Chris Ansley / Starr Pass association |
+
+### Email & Identity
+- **M365 tenant:** starrpass.onmicrosoft.com (tenant ID: 222450dd-141f-435f-87b8-cec719aac99e)
+- **Primary domain:** starrpass.com
+- **MX / mail flow:** starrpass-com.mail.protection.outlook.com (priority 0); SPF: `v=spf1 include:spf.protection.outlook.com -all` (cleaned 2026-06-10)
+- **DKIM:** selector1 / selector2 CNAMEs → starrpass.onmicrosoft.com (M365 native); legacy `default._domainkey` RSA TXT still present as of 2026-06-10 — pending removal
+- **Autodiscover:** CNAME → autodiscover.outlook.com
+- **Mailprotector:** CloudFilter account "Starr Pass" (account ID 16170); filtering domain devconllc.com (domain ID 27629)
+- **MFA status:** (verify)
+- **MDE license:** Not present as of 2026-06-10
+
+### M365 Users (as of 2026-06-10, post-cleanup)
+| UPN | Display Name | Status | Notes |
+|---|---|---|---|
+| sysadmin@starrpass.com | Brian Shinn | Enabled, licensed | Sole remaining account |
+| bshinn@starrpass.com | Brian Shinn | Deleted 2026-06-10 | In recycle bin until ~2026-07-10 |
+| sss@starrpass.com | Sharon Shinn-Smith | Deleted 2026-06-10 | In recycle bin until ~2026-07-10 |
+| admin@starrpass.com | Admin | Deleted 2026-06-10 | Was disabled and unlicensed |
+
+### MSP App Consent (M365, completed 2026-06-10)
+- All 5 MSP apps consented; directory roles assigned
+- Tenant Admin: Conditional Access Administrator
+- Security Investigator + Exchange Operator: Exchange Administrator
+- User Manager: User Administrator + Authentication Administrator
+
+### DNS (starrpass.com — ns1/ns2.acghosting.com)
+| Record | Type | Value | Notes |
+|---|---|---|---|
+| @ | A | 72.194.62.5 | IX server |
+| @ | MX (p0) | starrpass-com.mail.protection.outlook.com | M365 |
+| @ | TXT (SPF) | v=spf1 include:spf.protection.outlook.com -all | Cleaned 2026-06-10 |
+| autodiscover | CNAME | autodiscover.outlook.com | |
+| selector1._domainkey | CNAME | selector1-starrpass-com._domainkey.starrpass.onmicrosoft.com | M365 DKIM |
+| selector2._domainkey | CNAME | selector2-starrpass-com._domainkey.starrpass.onmicrosoft.com | M365 DKIM |
+| default._domainkey | TXT | Legacy RSA key (IX mail era) | Pending removal |
+
+### Related Domains
+- **starrpassrealty.com** — Cloudflare DNS; no MX records; not ACG-hosted
+- **devconllc.com** — Mailprotector-filtered (domain ID 27629); legacy Neptune mailbox in use
+
+### Domain Registration
+- **Registrar:** eNom, LLC
+- **Expiry:** 2027-06-24
+- **Nameservers:** ns1.acghosting.com / ns2.acghosting.com
+
+### Network
+- **ISP / WAN:** (verify)
+- **Firewall:** (verify)
+- **VPN:** (verify)
+
+## Access
+- **cPanel (IX):** ix.azcomputerguru.com — account: starrpass (vault: `infrastructure/ix-server.sops.yaml`)
+- **M365 Admin:** https://admin.microsoft.com (tenant: starrpass.onmicrosoft.com)
+- **Vault path:** `clients/starr-pass/` (verify — no client-specific vault entries yet)
+
+## Patterns & Known Issues
+
+- Legacy DNS accumulation: SPF included IX/websvr IPs long after M365 migration; 4 orphaned SRV records required fleet-wide cleanup in March 2026. Zone should be audited before any future DNS work.
+- `default._domainkey` legacy RSA TXT record persists after M365 DKIM migration — flagged for removal, not yet deleted as of 2026-06-10.
+- devconllc.com / Neptune legacy mailbox (cansley@devconllc.com) creates a dual-system mail dependency. No decommission plan established.
+- starrpassrealty.com has no MX and is not managed for mail — confusion risk if end users expect it to receive email.
+
+## Active Work
+
+- Remove `default._domainkey` legacy TXT record from starrpass.com DNS on IX
+- Confirm decommission plan for cansley@devconllc.com Neptune mailbox and AD account cansley_starrpass.c (acg.local / Dataforth DC16)
+- Verify MFA enrollment for sysadmin@starrpass.com
+- No Syncro customer record on file — create if billable work begins
+
+## History Highlights
+
+- **2026-03-24** — 4 orphaned SRV records removed from starrpass.com DNS (fleet-wide cleanup, 240 records across 27 domains)
+- **2026-06-10** — M365 tenant onboarded: all 5 MSP apps consented, all directory roles assigned
+- **2026-06-10** — SPF record cleaned (removed legacy `+a`, `+ip4:72.194.62.5`, `+ip4:162.248.93.233`); MX confirmed M365
+- **2026-06-10** — M365 user cleanup: bshinn, sss, admin accounts deleted; sysadmin@starrpass.com retained as sole licensed user
+- **2026-06-10** — Mailprotector CloudFilter account confirmed (ID 16170, filtering devconllc.com ID 27629)
+
+## Backlinks
+
+- [[systems/ix-server]] — cPanel account "starrpass"; DNS nameservers on ACG IX
+- [[clients/internal-infrastructure]] — Neptune Exchange hosts legacy cansley@devconllc.com mailbox; AD account cansley_starrpass.c on acg.local (DC16)
+- [[projects/msp-tools]] — Mailprotector CloudFilter; remediation tooling applied 2026-06-10