diff --git a/clients/dataforth/session-logs/2026-06-01-cbell-m365-bobbi-outlook.md b/clients/dataforth/session-logs/2026-06-01-cbell-m365-bobbi-outlook.md
new file mode 100644
index 0000000..81bc13d
--- /dev/null
+++ b/clients/dataforth/session-logs/2026-06-01-cbell-m365-bobbi-outlook.md
@@ -0,0 +1,38 @@
+# Dataforth — Chauncey Bell M365 verify/reset + Bobbi Outlook printing
+
+**Date:** 2026-06-01
+**Mode:** infra / M365
+**Ticket:** #32364 (onsite, 0.5 hr)
+
+## User
+- **User:** Howard Enos (howard)
+- **Machine:** Howard-Home
+- **Role:** tech
+
+---
+
+## Chauncey Bell (cbell@dataforth.com)
+
+Verified via Graph (Claude-Code-M365 app, tenant 7dfa3ce8-...):
+
+- **Account:** active, enabled, `Member`, UPN/mail `cbell@dataforth.com`, created 2023-12-07, US.
+- **Mailbox:** active Exchange Online (`EXCHANGE_S_STANDARD` provisioned).
+- **License:** **Microsoft 365 Business Standard** (SKU `O365_BUSINESS_PREMIUM` / `f245ecc8-75af-4f8e-b61f-27d8114de5f3`) — full desktop Office apps (`OFFICE_BUSINESS`) + Teams + SharePoint + Exchange. Licensed, not just online.
+- Naming note: `O365_BUSINESS_PREMIUM` is Microsoft's legacy SKU name for **Business Standard** — one of the 50 "Business Premium"-listed seats in the wiki, which are really Business Standard (the true Business Premium / SPB pool is the separate 5x `cbdb14ac` SKU).
+
+**Password reset (he had never logged in / didn't know it):**
+- cbell is **AD-synced** (`onPremisesSyncEnabled = true`), so the password is on-prem-mastered. Reset done in **on-prem AD via AD2** (`Set-ADAccountPassword`), NOT in M365 (a cloud/Graph reset would fail or be overwritten by sync).
+- Set to a temporary password, **`ChangePasswordAtLogon = $false`** (so Howard's Office login wasn't interrupted); Chauncey to change it himself later.
+- Password Hash Sync pushed it to M365 in ~2 min; Howard confirmed the Office sign-in worked.
+- **AD location:** `CN=Chauncey Bell,OU=Azure_Users,DC=intranet,DC=dataforth,DC=com` — note this is **OU=Azure_Users**, and it IS syncing to Entra, which contradicts the wiki's "OU=SyncedUsers only" note (corrected in wiki).
+
+## Bobbi — Outlook printing
+
+- Reported printing failures from Outlook. **Switched her to Outlook (Classic)** — printing works without issues. (Known new-Outlook printing bug; Classic is the workaround.)
+
+## Billing
+- **Ticket #32364** (Dataforth Corp), 0.5 hr **onsite** (`26118`) covering both cbell + Bobbi. Invoice **#67757** = $0.00, applied 0.5 prepay hr. Customer-visible "Work Performed" note added. https://computerguru.syncromsp.com/tickets/111895931
+- Prepay check: block read 35.5 after, but our 0.5 applied exactly — the larger drop was **Mike's concurrent invoice #67755** on his ticket **#32320** (afterhours ESXi, 3.0 hr remote). `40.0 → #32361 (1.0) → 39.0 → #32320 (3.0) + #32364 (0.5) → 35.5`.
+
+## Earlier today (separate log)
+- AOI XP VLAN + SMB1 backup share — see `2026-06-01-aoi-xp-vlan-share.md` (ticket #32361).
diff --git a/wiki/clients/dataforth.md b/wiki/clients/dataforth.md
index bf536b9..8b0ac75 100644
--- a/wiki/clients/dataforth.md
+++ b/wiki/clients/dataforth.md
@@ -39,6 +39,7 @@ sources:
   - .claude/memory/infra_office_network.md
   - clients/dataforth/session-logs/2026-06-01-aoi-xp-vlan-share.md
   - clients/dataforth/docs/aoi-xp-vlan-backup-runbook.md
+  - clients/dataforth/session-logs/2026-06-01-cbell-m365-bobbi-outlook.md
 backlinks:
   - projects/dataforth-dos
   - systems/jupiter
@@ -116,7 +117,7 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
 ### Email & Identity
 
 - **M365 tenant:** dataforth.com | Tenant ID: `7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584`
-- **Entra ID Sync:** Yes — Azure AD Connect from OU=SyncedUsers only
+- **Entra ID Sync:** Yes — Azure AD Connect. Synced OUs include **OU=SyncedUsers** and **OU=Azure_Users** (cbell confirmed in OU=Azure_Users and syncing, 2026-06-01) — the earlier "SyncedUsers only" note was incomplete.
 - **M365 licenses:** 50x Business Premium (39 used), 19x Exchange Online Plan 1 (5 used), 5x SPB (4 used)
 - **SMTP settings:** smtp.office365.com, port 587, STARTTLS — use `sysadmin@dataforth.com`
 - **SMTP AUTH status:** Tenant-level not disabled; per-mailbox varies. `calibration@dataforth.com` had SmtpClientAuthentication=true re-enabled 2026-04-23. `sysadmin@dataforth.com` SMTP AUTH is blocked by Exchange Online default — testdatadb uses Graph API for email (Mail.Send permission granted to Claude-Code-M365 app 2026-05-12).
@@ -204,7 +205,7 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
 - **ClaudeTools-ReadOnly AD account** — purpose unclear. Investigate.
 - **Ken Hoffman has two accounts** (khoffman + oemdata) — not consolidated.
 - **jlohr account retained** — post-retirement (2026-03-31), kept enabled specifically to receive ntirety.com infrastructure notifications. Inbox rule forwards to mike@azcomputerguru.com. Do NOT disable.
-- **Entra sync scope:** Only OU=SyncedUsers syncs to Entra. CompanyUsers OU does NOT sync. 38 stale TS-* test station accounts were cleaned from Entra 2026-03-27.
+- **Entra sync scope:** OU=SyncedUsers **and OU=Azure_Users** sync to Entra (cbell confirmed in OU=Azure_Users, synced — 2026-06-01; the prior "SyncedUsers only" note was incomplete). CompanyUsers OU does NOT sync. 38 stale TS-* test station accounts were cleaned from Entra 2026-03-27.
 
 ### RDS / SAGE-SQL
 - **RDS licensing:** Grace period reset 2026-05-06 by deleting GracePeriod registry key. Grace period expires again without proper CALs. Purchase RDS CALs (Per User mode, LicensingType=4).
@@ -277,6 +278,7 @@ As of 2026-06-01:
 | 2026-05-06 | SAGE-SQL RDS issues resolved — grace period reset, SSL cert replaced, TSGateway disabled, RemoteApp permission prompts fixed. |
 | 2026-05-12 | Pipeline audit + email notifications implemented (Graph API). jlohr forwarding configured (ntirety.com → mike@). DKIM keys rotated. |
 | 2026-06-01 | AOI optical-inspection XP PC isolated onto VLAN 2 (mydata/SMT) @ 192.168.1.175; `aoibackup` SMB1 share created on D2TESTNAS locked to the XP only; other NAS shares set to deny the XP. D2TESTNAS confirmed Debian 13 / Samba 4.22.6 (repurposed Netgear ReadyNAS); vault + wiki OS corrected. Mike: AOI may see all of SMT; optional company-LAN/Internet block for the XP still pending. |
+| 2026-06-01 | Chauncey Bell (cbell) M365 verified — active mailbox, licensed Microsoft 365 Business Standard (full Office + Exchange); AD password reset on AD2 (synced user, OU=Azure_Users), signed into Office. Bobbi's Outlook printing fixed by switching to Outlook (Classic). Ticket #32364 (0.5 hr onsite). |
 
 ---