azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,292 Commits 3 Branches 0 Tags
295126ee6c4abe2588f94de0e022eabdbb1c925d
Commit Graph

19 Commits

Author SHA1 Message Date
Mike Swanson
c37fd11ee9 sync: auto-sync from GURU-KALI at 2026-05-31 19:31:53 
Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-31 19:31:53
 2026-05-31 19:31:56 -07:00
Mike Swanson
f576f7d686 sync: auto-sync from GURU-BEAST-ROG at 2026-05-29 16:34:25 
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-29 16:34:25
 2026-05-29 16:34:31 -07:00
Mike Swanson
a42d657c55 docs(session)+rules: 2026-05-27 — Quantum M365 onboarding, IX autodiscover fix, Syncro emergency/labor/attribution rules 
Session logs: root (Michael #32329 hosting offer + IX simplehost.email autodiscover DNS fix + Cascades #32332 emergency correction) + Quantum client log (M365 tenant 2fd0092b onboarding, break-glass GA, CA report-only).

Syncro rule overhaul:
- Emergency billing: prepaid -> 26184 @ hours x1.5 (was 26118); non-prepaid -> 26184 with channel rate (onsite $262.50 / remote+inshop $225)
- Never make up labor items (existing product + real name; QuickBooks sync)
- Corrections preserve original tech's user_id (commission); adding notes/labor never changes ticket owner

/remediation-tool: Conditional Access may be managed programmatically (report-only first + exclude break-glass + confirm before enforce); fabb3421 deprecated for customer tenants; Quantum tenant onboarded (gotchas table).

Memory: 4 new (no-madeup-labor, corrections-preserve-tech, ca-programmatic, quantum-godaddy-tenant) + updates.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 14:57:55 -07:00
Mike Swanson
b804a92a05 Session log: GuruRMM 4-bug fix + MSP360 backup integration 2026-05-19 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 16:54:06 -07:00
Mike Swanson
447b90e092 Session log: Cascades audit retention design + Pro-Tech Services email investigation 
Cascades:
- Approved Howard's corrected 4-policy CA bypass design
- Caught + fixed policy 3 GDAP bug (Service provider users exclusion)
- Decided hybrid LAW + Storage Account audit retention (ACG-billed,
  reuse existing Trusted Signing Azure subscription, westus2)
- Wrote full audit retention runbook for Howard
- Reshaped break-glass to two accounts (split-storage YubiKeys)
- Documented Cascades M365 admin model (admin@/sysadmin@ Connect-excluded
  by design; local AD Administrator separate identity layer)
- Decided Howard gets Owner on ACG sub with guardrails (resource lock +
  cost alert) instead of per-RG Contributor

Pro-Tech Services:
- DNS recon of pro-techhelps.com + pro-techservices.co
- Diagnosed calendar invite delivery issue (DKIM domain mismatch +
  no DMARC = strict receivers silently drop invites)
- Drafted non-technical IT-provider migration email to Michelle Sora

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-29 17:05:41 -07:00
Mike Swanson
97f4218926 remediation: mark SANDTEKO MACHINERY consent status as done in tenant-consent.html 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 20:13:20 -07:00
Mike Swanson
16f95e8235 fix(onboard): auto-assign Exchange Admin to Exchange Operator SP; mark Sandteko fully onboarded 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 20:13:20 -07:00
Mike Swanson
b7bc99174f onboard: SANDTEKO MACHINERY LLC (partial) — all apps consented, roles assigned, Exch Op Exchange Admin pending 
- tenants.md: updated status to PARTIAL with full detail note
- clients/sandteko-machinery/: new client directory with reports/ and session-logs/ scaffolding

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 20:13:20 -07:00
Mike Swanson
327dc329ab remediation-tool: fix tenant-sweep tier name; mark Kittle partially onboarded 
- tenant-sweep.sh line 12: renamed tier `graph` to `investigator` to match
  the valid tier name expected by get-token.sh
- tenants.md: updated Kittle Design & Construction consent status from NO
  to PARTIAL with notes on what was consented and what remains pending

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 07:13:16 -07:00
Mike Swanson
5ec20ac9dd session log: Dataforth SMTP fix, GuruRMM GAGETRAK onboarding, Cloudflare grey-cloud, ticket #32142 billed 
- Resolved calibration@dataforth.com SMTP AUTH per-mailbox block in Exchange Online
- Full Dataforth tenant onboarding (all 5 ComputerGuru apps consented)
- GuruRMM agent deployed on DF-GAGETRAK; diagnosed and fixed two issues:
  - rmm-api.azcomputerguru.com grey-clouded (Cloudflare was blocking WSS)
  - enrolled_agents auth gap workaround (site API key in AgentKey registry)
- Syncro ticket #32142 billed: 2 hrs prepaid, invoice #67447, status Invoiced
- syncro.md: fix .comment.id jq path (was .id, caused duplicate comments twice)
- tenants.md: Dataforth marked fully onboarded

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-23 09:20:00 -07:00
Mike Swanson
db4e3c25a5 Session log: GuruRMM MSI build fix + DESIGN.md + BirthBiologic onboarding 
- Fixed MSI build on Pluto (missing WixToolset.Util.wixext in install.rs)
- Created docs/DESIGN.md in gururmm repo (per-component design guide)
- Saved BirthBiologic GuruRMM site credentials to vault
- Added birth-biologic and mvan-inc client session logs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-21 12:02:23 -07:00
Mike Swanson
31afc61a55 docs: mark martylryan.com and grabblaw.com as done after successful re-onboard 2026-04-20 21:04:02 -07:00
Mike Swanson
821435594b docs: update tenant-consent.html — 17 tenants marked done after batch sweep 2026-04-20 20:16:44 -07:00
Mike Swanson
7a2e41c28c docs: add tenant-consent.html — clickable consent links for all 41 tenants 
Dark-theme HTML page with one-click consent URLs for each tenant.
Tracks done/pending state in localStorage. Re-consent tenants (martylryan,
grabblaw) highlighted separately. No copy-paste needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 17:39:00 -07:00
Mike Swanson
fd6c96513d docs: add tenants.md with full partner tenant list + Tenant Admin consent URLs 
41 CIPP-managed tenants sourced from ListTenants API. Includes onboarding
status, tenant IDs, and pre-built Tenant Admin consent URLs for each.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 17:23:13 -07:00
Mike Swanson
41eac14c33 docs: mark Grabblaw fully onboarded — all three directory roles assigned 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 17:07:06 -07:00
Mike Swanson
cd50117aaf fix: remediation tool onboarding — add RoleManagement.ReadWrite.Directory + auto role assignment 
Root cause: app-only Graph operations (password reset, Exchange REST) require
directory roles on each SP in the customer tenant, not just admin consent.
RoleManagement.ReadWrite.Directory was missing from all app manifests, making
role assignment impossible without manual portal work that was never being done.

Changes:
- patch-tenant-admin-manifest.sh: adds RoleManagement.ReadWrite.Directory to
  Tenant Admin app manifest via Management app, grants home-tenant consent
- onboard-tenant.sh: new script — resolves tenant, acquires Tenant Admin token,
  assigns Exchange Administrator to Security Investigator SP and User/Auth
  Administrator to User Manager SP; --dry-run supported; idempotent
- get-token.sh: detects AADSTS7000229, emits consent URL + onboard-tenant.sh
  reminder instead of silent failure
- gotchas.md: onboarding steps at top, tenant table expanded with role columns,
  all known tenants updated including martylryan.com (first fully onboarded)

Verified: martylryan.com fully onboarded, password reset to MLR2026!! succeeded

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 16:56:47 -07:00
Mike Swanson
26df2c47b9 Session log: remediation skill rewrite (5-app tiered arch) + Cascades breach check John Trozzi 
- Rewrote get-token.sh: tiered app system (investigator/exchange-op/user-manager/tenant-admin/defender)
- Updated SKILL.md, command, gotchas, checklist, graph-endpoints for new app suite
- Cascades breach check: mailbox clean, inbound phishing received by John, DMARC gap noted

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 11:35:18 -07:00
Mike Swanson
100a491ac6 Session log: multi-user setup, audit + gap fixes, Howard onboarding package 
Two session logs:
- session-logs/2026-04-16-session.md: cross-cutting (multi-user, audit, infrastructure)
- guru-rmm session log appended: MSI installer, Len's Auto Brokerage, Uranus, migration drift

Gap fixes: GrepAI initialized + MCP server added, Ollama models pulling,
settings.json created (bypassPermissions), MCP_SERVERS.md written.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-16 18:56:26 -07:00