Add the Memory Care Reception Epson ET-5800 (EPSON833571, 10.0.20.78,
dc:cd:2f:83:35:71) as a named print share on CS-SERVER. The printer was
previously pending a UniFi switch replacement; it is now online on VLAN 20.
- Created TCP port TCP_10.0.20.78 and shared as MCReception via GuruRMM
remote PS (driver already present from FrontDesk ET-5800 setup)
- Updated printers.md entry #12 with IP, MAC, share path, and Online status
- Added MCReception to active-directory.md printer table with OU=Care-Memorycare
ILT scope; GPO count bumped to 14
- Added MCReception entry to phase2-print-server.ps1 for reference
Access: OU=Care-Memorycare via Printer Deployment GPO (unlinked until Phase 3).
Alma Montt (cloud-only M365) connects manually to \\CS-SERVER\MCReception.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrote with verified IPs and confirmed drivers. All 8 printers created and
shared via GuruRMM 2026-05-20. Deferred: FrontDesk Epson (needs Epson
Universal driver), Health-206 Konica Minolta (needs KM PCL6 Universal driver).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fixed Exchange.ManageAsApp missing from Security Investigator app registration
- Granted role directly in Cascades tenant via Graph API
- Investigated Alma Montt mailbox: no delivery blocks found, specific sender TBD
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Created SG-Mgmt-RW, SG-Sales-RO, SG-Activities-RW in OU=Groups.
Created SMB shares Management, Sales, Activities, Server on D:\Shares
with ABE enabled and correct NTFS ACLs per group.
Scripts run on CS-SERVER via GuruRMM 2026-05-20. AD doc updated to live state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cloud-only M365 user created, SPB license assigned, SSPR group added,
CA/MFA audit, Syncro billing for tickets #109316879 and #110120097.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cascades of Tucson — created 4 new caregiver accounts, Alma Montt admin account,
terminated Niel Castro, reclassified Celia Lassey and Patricia Sandoval-Beck from
SG-Caregivers. Entra sync run; Alma Montt M365 license pending background task.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Gap #13 in hipaa.md marked resolved. Same update in hipaa-caregiver-controls.md and m365.md.
Confirmed 2026-05-14: no separate HIPAA BAA acceptance exists or is required for M365 Business
plan tenants under the Microsoft Customer Agreement.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Full tenant verification sweep: all Intune/Entra objects match session logs
- Entra Connect staging mode exited; 17 AD groups synced to cloud
- CA policies (Block-off-network, Sign-in-frequency-8h, Block-non-compliant) patched from SG-Caregivers-Pilot to AD-synced SG-Caregivers
- Registration Campaign exclusion updated to SG-Caregivers
- Deleted test accounts: howard.enos (AD) and pilot.test (M365)
- Documented Christine Nyanzunda collision risk, Ederick Yuzon open item, standing security-group rule
- Session log written
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Exchange REST API still propagating (28 min). Need manual verification via
Exchange Admin Center to unblock HIPAA compliance check.
Instructions provided:
- Access Exchange Admin Center
- Search for Britney Thompson mailbox
- Document litigation hold status (enabled/disabled, date, duration)
- Report findings back in repo
Priority: HIGH - blocks Wave 1 caregiver rollout planning.
HIPAA requirement: §164.308(a)(3)(ii)(C) + §164.316(b)(2)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>