sync: auto-sync from HOWARD-HOME at 2026-05-27 00:31:32
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-27 00:31:32
@@ -0,0 +1,116 @@
|
||||
# Cascades of Tucson — Wiki Review
|
||||
|
||||
## User
|
||||
- **User:** Howard Enos (howard)
|
||||
- **Machine:** Howard-Home
|
||||
- **Role:** tech
|
||||
|
||||
---
|
||||
|
||||
## Session Summary
|
||||
|
||||
This session was a full review of the `wiki/clients/cascades-tucson.md` article at Mike's request. Howard went through the wiki section by section, flagging corrections based on onsite knowledge and recent work. Live M365 tenant checks via the remediation tool were used to answer questions that could be resolved without asking Howard.
|
||||
|
||||
The Profile section had several issues: Winter (ACG billing staff, not a Cascades employee) was removed from contacts; Zachary Nelson (Accounting Assistant, already domain-joined and folder-redirect confirmed) was added; Lois Lane (CareTakers department head, DESKTOP-KQSL232, resistant to domain migration) was added with context that John Trozzi is the liaison working with her; ticket #109225085 was removed (Valleywide's Yealink phone inventory, not Cascades); hours remaining corrected from ~37.5h (stale, 2026-05-20) to ~28.0h (as of 2026-05-26 post-billing).
|
||||
|
||||
The Email & Identity section had the most changes. The Yealink SDM entry was removed entirely — Cascades uses Samsung Galaxy A15s enrolled via Intune Shared Device Mode, not Yealink phones; the Yealink SIP-T54W entry had been incorrectly compiled from a Valleywide ticket handled in the same session. ALIS SSO was corrected from "blocked on Medtelligent" to live and working, proven end-to-end with pilot.test on the Galaxy A15 caregiver phones. Entra Connect was updated from "not yet exited staging" to actively syncing (exited staging 2026-05-14, last sync confirmed live as 2026-05-27). DMARC was corrected from p=none to p=quarantine;pct=100 (confirmed via DNS). M365 licensing was clarified: Business Standard is SUSPENDED with 31 users still assigned; 31 SPB (Business Premium) seats are free — relicensing is pending and time-critical. Break-glass accounts were confirmed not created via live tenant check. The remediation tool entry was corrected from "old app fabb3421, tiered suite not consented" to all six ComputerGuru apps confirmed consented in the tenant as of 2026-04-21.
|
||||
|
||||
The Network section was updated to mark the floors 2/3/4 switch hardware replacement as complete. The Patterns & Known Issues section was updated to reflect the CA pilot moving from SG-Caregivers-Pilot to SG-Caregivers after Entra Connect exited staging. The Active Work table was expanded with Crystal Rodriguez (folder redirect confirmed 2026-05-21), Lauren Hasselman (complete 2026-05-23), Megan Hiatt (pending), and the Lois Lane / DESKTOP-KQSL232 blocker. The history table received three missing entries covering 2026-05-14 (Entra Connect staging exit), 2026-05-23 (Lauren folder redirect), and 2026-05-26 (access control vendor meeting, remote diagnosis impossible). The CS-QB VoIP server entry in the infrastructure table was flagged for review — Cascades is moving away from traditional landlines; phones section deferred to a future session.
|
||||
|
||||
---
|
||||
|
||||
## Key Decisions
|
||||
|
||||
- **Yealink SDM removed from Cascades wiki** — confirmed misattributed. The Yealink SIP-T54W phones and YMCS portal entry came from a Valleywide ticket (#109225085) processed in the same session as Cascades work. Cascades caregiver phones are Samsung Galaxy A15s via Intune SDM.
|
||||
- **Live tenant checks used to resolve unverified items** — rather than asking Howard about DMARC, break-glass accounts, licensing, Entra Connect state, and remediation app consent, the Security Investigator app was used to pull live data. Reduced interruptions significantly.
|
||||
- **CS-QB / VoIP entry flagged but not removed** — Cascades is transitioning away from traditional landlines. Entry marked for review rather than deleted; phones section will be revisited in a future session once Howard has more detail.
|
||||
- **Winter removed from Cascades contacts** — she is ACG staff (handles our invoicing, sends bills to Cascades), not a Cascades employee or point of contact.
|
||||
|
||||
---
|
||||
|
||||
## Problems Encountered
|
||||
|
||||
- **ALIS service principal not found via Graph search** — queried Graph for service principals with "ALIS" in display name; returned null. ALIS SSO is working per Howard's confirmation; the app may be registered under a different display name or as a web app type not surfaced by that filter. Not a blocker — Howard confirmed SSO is live.
|
||||
|
||||
---
|
||||
|
||||
## Configuration Changes
|
||||
|
||||
- `wiki/clients/cascades-tucson.md` — comprehensive update across all sections (last_compiled updated to 2026-05-27, compiled_by updated to HOWARD-HOME/claude-main)
|
||||
|
||||
---
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
None created or discovered this session. Existing vault paths confirmed:
|
||||
- `clients/cascades-tucson/alis-sso-app-registration.sops.yaml` — Entra app reg + ALIS Inbound Connections Basic Auth + install key
|
||||
- `clients/cascades-tucson/m365-admin.sops.yaml`
|
||||
- `clients/cascades-tucson/m365-sysadmin.sops.yaml`
|
||||
- `clients/cascades-tucson/pfsense-firewall.sops.yaml`
|
||||
- `msp-tools/computerguru-security-investigator.sops.yaml` — used for live tenant checks
|
||||
|
||||
---
|
||||
|
||||
## Infrastructure & Servers
|
||||
|
||||
- **M365 tenant:** cascadestucson.com / `207fa277-e9d8-4eb7-ada1-1064d2221498`
|
||||
- **Entra Connect:** active, last sync 2026-05-27T06:07:20Z
|
||||
- **ComputerGuru apps consented in Cascades tenant:** Security Investigator (`bfbc12a4`), Exchange Operator (`b43e7342`), User Manager (`64fac46b`), Tenant Admin (`709e6eed`), Defender Add-on (`dbf8ad1a`), Intune Manager (`46986910`) — all consented 2026-04-21
|
||||
- **Old AI Remediation app** (`fabb3421`) — still present in tenant, superseded
|
||||
- **Caregiver phones:** 22 Samsung Galaxy A15s, Intune SDM, dynamic group `ea96f4b7-3000-45da-ab1f-ddb28f509526`
|
||||
- **Cascades prepaid block:** ~28.0h as of 2026-05-26
|
||||
- **Syncro customer ID:** 20149445
|
||||
|
||||
---
|
||||
|
||||
## Commands & Outputs
|
||||
|
||||
```bash
|
||||
# License check — key findings
|
||||
SPB (Business Premium): enabled=34, consumed=3 → 31 seats free
|
||||
O365_BUSINESS_PREMIUM (Business Standard): SUSPENDED, consumed=31 → relicensing urgent
|
||||
|
||||
# Break-glass accounts
|
||||
GET /users?filter=startswith(userPrincipalName,'breakglass') → [] (none exist)
|
||||
|
||||
# Entra Connect sync status
|
||||
onPremisesSyncEnabled: true
|
||||
onPremisesLastSyncDateTime: 2026-05-27T06:07:20Z
|
||||
|
||||
# DMARC
|
||||
_dmarc.cascadestucson.com → v=DMARC1;p=quarantine;pct=100;...
|
||||
|
||||
# ComputerGuru apps in tenant
|
||||
6 apps consented — Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender Add-on, Intune Manager
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Pending / Incomplete Tasks
|
||||
|
||||
- **M365 relicensing** — 31 users on SUSPENDED Business Standard; 31 SPB seats available. Time-critical.
|
||||
- **Break-glass accounts** — `breakglass1-csc@` and `breakglass2-csc@` not created. YubiKey arrival unconfirmed.
|
||||
- **Audit retention infra** — approved 2026-04-29, not yet built (Azure LAW 90d + Storage 6yr)
|
||||
- **NURSESTATION-PC auto-lock GPO** — HIPAA requirement (~10 min idle), not yet applied
|
||||
- **Entra Connect: OU=Administrative** — not yet in sync scope; UPN suffix updates for that OU pending
|
||||
- **Megan Hiatt (Marketing)** — domain join pending; GuruRMM agent not yet confirmed online
|
||||
- **DESKTOP-KQSL232 (Lois Lane / CareTakers)** — blocked on user cooperation; John Trozzi working with her
|
||||
- **CHEF-PC, SALES4-PC, MDIRECTOR-PC** — Phase 3 domain joins not yet started
|
||||
- **CS-QB / VoIP section** — deferred; Cascades transitioning away from traditional landlines, phones section needs revisit
|
||||
- **dunedolly21@gmail.com** — external guest invited 2026-04-14 by Lauren Hasselman; status unconfirmed
|
||||
- **ALIS per-caregiver email match** — each caregiver's ALIS staff-record Email must match Entra UPN exactly
|
||||
- **ALIS BAA with Medtelligent** — not yet verified; confirm with Meredith
|
||||
|
||||
---
|
||||
|
||||
## Reference Information
|
||||
|
||||
- **Cascades wiki:** `wiki/clients/cascades-tucson.md`
|
||||
- **Migration plan:** `C:\Users\Howard\.claude\plans\wise-discovering-panda.md`
|
||||
- **Workstation audit:** `clients/cascades-tucson/docs/workstations.md` (last audited 2026-03-20)
|
||||
- **Migration ticket:** Syncro #110680053
|
||||
- **Entra setup ticket:** Syncro #109412123
|
||||
- **Access control vendor meeting ticket:** Syncro #32324
|
||||
- **ALIS install key:** `d796539d-356b-4190-9c17-35f0f1129376`
|
||||
- **Cascades ALIS tenant:** https://cascadestucson.alisonline.com
|
||||
- **Caregiver dynamic group:** `ea96f4b7-3000-45da-ab1f-ddb28f509526` (Cascades - Shared Phones)
|
||||
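Review bot: The `ALIS install key` bullet under Reference Information commits the key value in plaintext, while the Credentials & Secrets section of this same file lists `clients/cascades-tucson/alis-sso-app-registration.sops.yaml` as the place that install key is stored. Replace the value with a pointer to that vault path. Because this file is auto-synced, treat the key as exposed to every machine and user the repository reaches, and consider rotating it. That section's statement "None created or discovered this session" is also hard to reconcile with a key value appearing further down, so state explicitly that the log carries no secret values once the bullet is fixed. Separately, the `Commands & Outputs` block is fenced as `bash` but contains summarized findings rather than the requests that were run. Either record the actual queries or drop the language tag so the block is not mistaken for something reproducible.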