sync: auto-sync from GURU-BEAST-ROG at 2026-05-29 16:34:25

Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-29 16:34:25
2026-05-29 16:34:29 -07:00
parent 9e08eb5964
commit f576f7d686
3 changed files with 218 additions and 0 deletions

@@ -0,0 +1,91 @@
---
type: client
name: barbaragrygutis
display_name: Barbara Grygutis Sculpture LLC
last_compiled: 2026-05-29
compiled_by: GURU-BEAST-ROG/discord-bot
sources:
- session-logs/2026-05-29-barbara-grygutis-m365-review.md
backlinks: []
---
# Barbara Grygutis Sculpture LLC
Artist / sculptor. ACG-hosted client. M365 tenant onboarded to ComputerGuru MSP app suite 2026-05-29.
---
## Profile
- **Primary email:** barbara@barbaragrygutis.com
- **Syncro customer ID:** 133348
- **Also in Syncro:** ID 641406 (email: grygutisstudios@dokotacom.net) — possible duplicate or secondary contact
---
## M365 / Identity
- **Domain:** barbaragrygutis.com
- **Tenant ID:** 25998ddc-49e6-4234-9396-6c152ce4ea69
- **MX:** barbaragrygutis-com.mail.protection.outlook.com (M365, NOT Neptune Exchange)
- **Licenses:** Exchange Online Plan 2, Power Automate Free
- **Account created:** 2021-12-22
- **Cloud-only:** Yes (no on-prem sync)
### MSP App Onboarding
Onboarded 2026-05-29. All 5 ComputerGuru tiered apps consented and directory roles assigned:
| App | Role Assigned |
|---|---|
| Security Investigator | Exchange Administrator |
| Exchange Operator | Exchange Administrator |
| Tenant Admin | Conditional Access Administrator |
| User Manager | User Administrator, Authentication Administrator |
| Defender Add-on | Skipped (no MDE license) |
---
## User Account: Barbara Grygutis
| Field | Value |
|---|---|
| UPN | Barbara@barbaragrygutis.com |
| Account enabled | Yes |
| User type | Member |
| Password last changed | 2021-12-24 (~4.5 years ago) |
| MFA device | iPhone 13 Pro Max (Microsoft Authenticator 6.8.1) |
| MFA phone | None registered |
| OAuth grants | EAS.AccessAsUser.All (Exchange ActiveSync — normal) |
---
## Security Status (as of 2026-05-29)
- **[WARNING] Active credential spray attack:** 100+ blocked attempts May 27-29, all blocked (error 50053 — malicious IP)
- **Attack infrastructure:** Tor exit nodes (185.220.101.x), Linode VPS (2600:3c02/3c03), Hurricane Electric tunnels, European proxy nodes (Germany)
- **Apps targeted:** Azure CLI, OfficeHome, Microsoft Online Services, One Outlook Web
- **Zero successful sign-ins** in 30-day log window
- **No mail forwarding configured**
- **No inbox rules found**
- **[CRITICAL] No Conditional Access policies on tenant** — no MFA enforcement, no legacy auth block
- **Auto-reply active** (scheduled) — may confirm account liveness to attackers
### Recommended Actions (pending)
- [ ] Confirm Barbara still controls the iPhone 13 Pro Max with Authenticator
- [ ] Force password reset
- [ ] Deploy CA: Require MFA for all users
- [ ] Deploy CA: Block legacy authentication
- [ ] Consider geo-restriction (US-only) given attack pattern
---
## History
| Date | Event |
|---|---|
| 2021-12-22 | Account created in M365 |
| 2021-12-24 | Password set (last change) |
| 2026-05-27 | Credential spray attack begins |
| 2026-05-29 | ACG onboarded tenant to MSP app suite; security review performed |
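Review bot: The M365 / Identity, User Account and Security Status sections put the tenant ID, the user's UPN, the registered MFA device model and the open findings (`No Conditional Access policies on tenant`, password last changed 2021-12-24) into the repository in plaintext, and the header shows the file arrived through an unattended auto-sync with `compiled_by: GURU-BEAST-ROG/discord-bot`. Anyone with read access to this repo or its history gets a current list of this client's unremediated gaps while the record itself describes the spray as active, so I would keep the pending findings in an access-restricted location and reference them from here, or confirm that the repo's access list matches who should see client security posture before auto-sync pushes files like this. Separately, Security Status says `no MFA enforcement` while the User Account table lists a registered Authenticator device; add a line stating whether security defaults or per-user MFA are enabled, because as written the record does not say whether the account is actually prompted for MFA at sign-in.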