docs: purge stale fabb3421 narrative — Mail.Send already lives in the 365 app suite
Mail.Send is NOT an open decision or a 'blocked' item: the Exchange Operator tier (b43e7342) already holds Graph Mail.Send + Mail.ReadWrite + MailboxSettings.ReadWrite (the suite's IR victim-notification mail path). /mailbox (ACG own-mail) separately uses the dedicated ComputerGuru Mailbox app 1873b1b0. The deleted fabb3421/Claude-MSP-Access app is now referenced only as DELETED/do-not-use across all live surfaces.

Corrected: remediation-tool gotchas.md (removed 'suite has no mail scopes / mailbox BLOCKED / decision-not-executed'), commands/mailbox.md (header + Attribution no longer name the deleted app as active), feedback memory (promoted 'suite has Mail.Send — settled' to a headline), breach-report template, .grok mirrors, credentials.md, CATALOG_SHARED_DATA.md, and wiki (internal-infrastructure, glaztech, dataforth). Removed dead plaintext secret for the deleted app from CATALOG_SHARED_DATA.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -323,7 +323,7 @@ Syncro asset IDs: 23845, 149614, 9708445, 9357407, 9276901, 9212922, 9078651, 88
|
||||
- **M365 admin:** sysadmin@dataforth.com — vault: `clients/dataforth/m365.sops.yaml`
|
||||
- **Tenant ID:** `7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584`
|
||||
- **Claude-Code-M365 Entra App:** App ID `7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29`, secret expires 2027-12-22 — vault: `clients/dataforth/m365.sops.yaml → credentials.entra-app`
|
||||
- **MSP Multi-Tenant App (Claude-MSP-Access):** MSP tenant `ce61461e-81a0-4c84-bb4a-7b354a9a356d`, App ID `fabb3421-8b34-484b-bc17-e46de9703418` — vault: msp-tools SOPS file
|
||||
- **MSP remediation app suite:** MSP tenant `ce61461e-81a0-4c84-bb4a-7b354a9a356d` — tiered ComputerGuru apps (Exchange Operator `b43e7342` etc.), vault `msp-tools/computerguru-*.sops.yaml`. *(Old single app `fabb3421`/Claude-MSP-Access DELETED 2026-06-14 — AADSTS700016, do not use.)*
|
||||
- **ComputerGuru tiered apps:** All 5 apps consented 2026-04-23. Exchange Operator SP (b43e7342) had Exchange Admin role added manually (gap in onboard-tenant.sh — not auto-assigned for Exch Operator).
|
||||
|
||||
### MSP360 Managed Backup API
|
||||
|
||||
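Review bot: In the added "MSP remediation app suite" bullet, "Exchange Operator `b43e7342` etc." leaves the other tiers unnamed even though the following bullet says all 5 apps were consented, and the suite is identified only by an 8-character prefix where the removed line carried a full App ID. Suggest naming the five tiers here, or pointing to the one page that lists them, and giving the full GUID for any app an operator has to look up in Entra, so this entry can be checked against the tenant's consent list.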
@@ -103,7 +103,7 @@ Note on Priority 1: The "GTIMail No-Reply - Reject Inbound" transport rule rejec
|
||||
- **Remediation tool:** ComputerGuru apps consented in tenant (Exchange Operator, Security Investigator, Tenant Admin, Defender Add-on)
|
||||
- **Exchange Operator App ID:** b43e7342-5b4b-492f-890f-bb5a4f7f40e9
|
||||
- **Exchange Operator cert thumbprint:** A615823DE1CAF15229027DEC075AFE32B900D82C (not in Windows cert store on BEAST — use `get-token.sh` bearer token flow)
|
||||
- **Remediation tool app (AI):** fabb3421-8b34-484b-bc17-e46de9703418
|
||||
- **Remediation tool:** ComputerGuru tiered suite (Exchange Operator `b43e7342` etc.). *(Old single app `fabb3421`/Claude-MSP-Access DELETED 2026-06-14 — AADSTS700016, do not use.)*
|
||||
- **Exchange Admin role:** Assigned to ACG service principal in Entra
|
||||
- **Global Admin account:** admin@glaztechindustries.onmicrosoft.com (ACG admin only — external GA from tomakkglass.com removed 2026-04-21)
|
||||
- **Vault path:** `clients/glaztech/` [no SOPS credential file documented — remediation tool uses MSP-wide app credentials]
|
||||
|
||||
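Review bot: The added bullet reuses the label "**Remediation tool:**", which the unchanged first bullet of this hunk already uses for the list of consented ComputerGuru apps, so the list ends up with two entries under the same label that partly repeat each other. Suggest folding the "DELETED 2026-06-14 ... do not use" note into the existing bullet, or giving the new one a distinct label such as "Retired app", and dropping the repeated suite description.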
@@ -172,7 +172,7 @@ acg.local, acghosting.com (ExternalRelay), airandspaceacademy.com, amtransit.com
|
||||
|
||||
- **Domain:** azcomputerguru.com
|
||||
- **Tenant ID:** `ce61461e-81a0-4c84-bb4a-7b354a9a356d`
|
||||
- **MSP multi-tenant app (Claude-MSP-Access):** App ID `fabb3421-8b34-484b-bc17-e46de9703418` — vault: msp-tools SOPS file
|
||||
- **MSP remediation app suite (tiered, multi-tenant):** Security Investigator `bfbc12a4`, Exchange Operator `b43e7342` (holds Graph **Mail.Send** — the suite's mail-send path), User Manager `64fac46b`, Tenant Admin `709e6eed`, Defender `dbf8ad1a` — vault `msp-tools/computerguru-*.sops.yaml`. ACG own-mail (`/mailbox`) = dedicated app `1873b1b0` (`msp-tools/computerguru-mailbox.sops.yaml`). *(Old single app `fabb3421`/Claude-MSP-Access DELETED 2026-06-14 — AADSTS700016, do not use.)*
|
||||
|
||||
---
|
||||
|
||||
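Review bot: In the added suite bullet, the vault glob `msp-tools/computerguru-*.sops.yaml` also matches `msp-tools/computerguru-mailbox.sops.yaml`, which the same bullet assigns to the separate `/mailbox` app `1873b1b0`, so the glob does not distinguish suite credentials from the mailbox app's. Suggest naming the per-tier files explicitly, and splitting the bullet into one sub-item per app, since it currently carries five app IDs, a permission statement, two vault paths and the deletion note on one line. The parenthetical also names only Mail.Send for Exchange Operator while the commit message lists Mail.ReadWrite and MailboxSettings.ReadWrite as well; listing all granted Graph permissions here would make the entry usable for a least-privilege review.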
@@ -187,7 +187,7 @@ acg.local, acghosting.com (ExternalRelay), airandspaceacademy.com, amtransit.com
|
||||
| pfSense | `ssh admin@172.16.0.1 -p 2248` | Vault: `infrastructure/pfsense-firewall.sops.yaml` |
|
||||
| Neptune | Local PowerShell as administrator.ACG (on-box) | Also: WinRM from ACG-DC16; no WinRM from external without VPN |
|
||||
| ACG-DC16 | `Invoke-Command -ComputerName ACG-DC16` (from domain-joined box) | Kerberos via SPN-matching hostname required |
|
||||
| ACG M365 | Graph API via Claude-MSP-Access app | Vault: msp-tools SOPS file |
|
||||
| ACG M365 | Graph API via ComputerGuru app suite (Sec-Inv/Exch-Op/User-Mgr/Tenant-Admin/Defender) + Mailbox app `1873b1b0` | Vault: `msp-tools/computerguru-*.sops.yaml` |
|
||||
| Cloudflare API | Bearer token from 1Password | Partial: lacks Zone Settings + Analytics permissions |
|
||||
|
||||
**SSH passwordless automation to GuruRMM server (172.16.3.30, physical box):**
|
||||
|
||||
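Review bot: The new "ACG M365" table row introduces the abbreviations Sec-Inv/Exch-Op/User-Mgr/Tenant-Admin/Defender, which differ from the tier names used in the bullet list earlier in this file (Security Investigator, Exchange Operator, User Manager), and it gives an app ID for the Mailbox app but none for the suite tiers. Suggest using the full tier names, or a reference to the section that lists them with IDs, and stating which app the row expects for which kind of Graph call, so the access table does not invite using a broader tier than the task needs.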