sync: auto-sync from GURU-5070 at 2026-06-29 11:45:50

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-29 11:45:50
2026-06-29 11:46:42 -07:00
parent 1f15a6bc79
commit e99110fdc9
8 changed files with 1245 additions and 2 deletions


@@ -12,7 +12,7 @@ Each Datto Project became its own SharePoint **site**, and the files live in tha
| **Admin** | Admin | https://birthbiologic.sharepoint.com/sites/admin | Documents library (root) | ~5.8 GB / ~6,300 files |
| **Birth Biologic Activity Reports** | Admin (same site) | https://birthbiologic.sharepoint.com/sites/admin | Documents library, subfolder `Birth Biologic Activity Reports` | small |
| **Donor Services** | Donor Services | https://birthbiologic.sharepoint.com/sites/donorservices | Documents library (root) | ~109 GB / ~56,800 files |
| **Quality Department** | Quality Department | https://birthbiologic.sharepoint.com/sites/QualityDepartment | Documents library (root) | ~28 GB / ~3,700 files |
| **Quality Department** | **Quality Systems Department** | https://birthbiologic.sharepoint.com/sites/QualitySystemsDepartment | Documents library (root) | ~28 GB / ~3,700 files |
| **Supply Management** | Supply Management | https://birthbiologic.sharepoint.com/sites/SupplyManagement | Documents library (root) | ~33 MB / ~160 files |
| **ITSvcs** | — NOT MIGRATED — | — | — | (ACG-owned IT folder, not BirthBiologic data; intentionally excluded) |
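Review bot: the replacement Quality row swaps the site name and URL to `Quality Systems Department` but keeps the `~28 GB / ~3,700 files` figure verbatim from the removed `Quality Department` row, while the correction bullet in the next hunk states that `Quality Systems Department` is still missing ~1,006 files / ~2.1 GB from the old site; either state which site the count was taken from or mark the cell as pending reconciliation so the table is not read as a confirmed post-migration count for the canonical site.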
@@ -29,6 +29,13 @@ exact post-migration count.
as a subfolder).
- **ITSvcs is intentionally excluded** — it is an ACG-owned IT working folder, not BirthBiologic
business data, and was never in migration scope.
- **Quality split (correction 2026-06-29):** the Quality content exists in two sites — an interim
`Quality Department` site (the original OneDrive-sync target on ACG-DWP-X-BB) and the canonical
working **`Quality Systems Department`** site. The map points to Quality Systems Department.
A file-by-file comparison found ~1,006 files (~2.1 GB) present in the old `Quality Department`
site but missing from `Quality Systems Department` (mostly `LOGS` 485/1.6 GB and `Bone Bank Onsite
Audit 2025` 427/440 MB) — being migrated/reconciled into Quality Systems Department. Full list:
`quality-orphaned-files.txt`. The 4 `Quality Systems Department-*` spoke sites exist but are empty.
- The **Attachments** library visible under the synced OneDrive is a default SharePoint library, not
part of the Datto migration.
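Review bot: the Quality split bullet says the ~1,006 orphaned files are "being migrated/reconciled" but records no owner, target date or completion criterion, and `quality-orphaned-files.txt` is referenced without a location; add who is doing the reconciliation, when it is expected to finish, and the path of the list (or commit it next to this doc) so the discrepancy can be closed out and verified rather than left open-ended.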

File diff suppressed because it is too large.


@@ -0,0 +1,58 @@
# Offboarding Lockdown — Teresa Carpio (VWP)
- **Date (UTC):** 2026-06-29
- **Tech:** Mike Swanson (GURU-5070)
- **Reason:** Employee quit unexpectedly — lock out of all access, primarily email.
- **Tenant:** valleywideplastering.com (`5c53ae9f-7071-4248-b834-8685b646450f`)
- **Target:** `teresa@valleywideplastering.com` (objectId `615d8ef9-e3cc-49a8-bd56-19921cafea4e`)
- **Tooling:** remediation-tool skill (ComputerGuru tiered app suite)
## Pre-action state (read-only check — clean)
- Account enabled; created 2023-03-17; last password change 2025-09-04.
- Mailbox: **0 inbox rules**, no forwarding, no hidden rules, no foreign delegates/SendAs.
- Auth methods (3): password, SMS `+1 602-228-3396`, Microsoft Authenticator (iPhone 14 Plus).
- Licenses: M365 Business Premium (no Teams), Flow Free.
- **Directory role: User Administrator** (privileged — unusual for payroll staff).
- Group memberships: Estimating Archive, Office Archive, QB, Valley Wide Plastering.
- Sign-ins (30d interactive): 0 flagged / none non-US. No risky-user/risk detections.
- **Sent/Deleted review (per request):** no exfiltration. Sent = routine internal pay
sheets/orders/estimating to coworkers + legit vendors (henryproducts.com, engagebp.com);
last send 2026-06-29 07:58 MST. Deleted = newsletters/automated notices only (no record
destruction / track-covering).
## Actions taken (confirmed by Mike)
| Action | Result |
|---|---|
| Reset password to random value (permanent) | OK — required JIT elevation (she holds User Admin) |
| Delete SMS auth method (`+1 602-228-3396`) | HTTP 204 |
| Delete Microsoft Authenticator (iPhone 14 Plus) | HTTP 204 |
| Revoke all sign-in sessions | `value: true` |
| Verify auth methods | Only `passwordAuthenticationMethod` remains (no MFA) |
New password stored in vault: `clients/valleywide/teresa-m365-offboarded`. Account left
**enabled** with license + mailbox retained for handoff (not disabled per Mike's scope).
## [CRITICAL] Cleanup required — human Global Admin action
The password reset JIT-granted **Privileged Authentication Administrator** to the ComputerGuru
Tenant Admin SP (`fccda86c-77ca-4248-b876-b0cdba8605d4`). The script could not auto-remove it:
an app-only SP **cannot remove its own** privileged role ("no privilege to remove self"). Standing
PAA is now on our SP in the VWP tenant and must be removed by a human Global Admin:
> Entra portal → Roles and administrators → Privileged Authentication Administrator →
> remove **ComputerGuru Tenant Admin**. (Assignment id `ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1`.)
This is a script design flaw (logged to errorlog) — likely also left standing PAA on
**birthbiologic.com** (the 2026-06-08 reset). Worth a fleet sweep.
## Still open (Mike's decision / separate access)
- **Block sign-in / remove User Administrator role** — not done (scope was sessions+pw+MFA).
Recommended for a clean offboard.
- **On-prem AD `VWP.US`** — disable her personal user; the **`VWP\Payroll`** account she used on
the XP Orders VM is likely *shared* — confirm before disabling.
- Shared mailboxes `payroll@` / `orders@` — rotate / remove her access if delegated.
- VPN (OpenVPN on UDM), RDP/RemoteApp to VWP-QBS, QuickBooks login.
- Optional: convert her mailbox to shared or set a manager delegate for handoff.
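Review bot: the `[CRITICAL]` section records that the ComputerGuru Tenant Admin SP now holds standing Privileged Authentication Administrator in the VWP tenant and cannot remove itself, but the cleanup is not carried into the "Still open" list as a tracked item with an owner and due date, and the suspected identical leftover on `birthbiologic.com` from the 2026-06-08 reset is only noted as "worth a fleet sweep"; add both as open items with an owner, and have the reset script verify and report any role assignment it created so the design flaw is caught on the next run rather than discovered after the fact. Two smaller points: the account is left enabled with the User Administrator role and no MFA after the reset, so "Block sign-in / remove User Administrator role" should be the first open item with a target date rather than a recommendation; and the full SMS number on the auth-methods line and in the delete row is PII that the `HTTP 204` result already makes unnecessary, so keep at most the last four digits in the committed log.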