--- name: quantum-godaddy-m365-tenant description: Quantum Wealth Management M365 migration uses a NEW fully-onboarded tenant 2fd0092b (quantumwms.com verified+primary); the old GoDaddy tenant ddf3d2c9 was bypassed, not taken over metadata: type: project --- During the Quantum Wealth Management email migration (Intermedia HEX -> Microsoft 365, Syncro #32323), Pax8 reported `quantumwms.com` was "already attached to a tenant." Unauthenticated discovery (2026-05-27) confirmed: - **Existing tenant:** `ddf3d2c9-b76c-40d9-a216-9f11a1a26f97`, default domain `netorg18235235.onmicrosoft.com`, brand name "quantumwms.com", **Managed**, NA region. The `NETORG#######.onmicrosoft.com` pattern = **GoDaddy-provisioned M365 tenant**. - `quantumwms.com` itself returns realm **Unknown** (added but not verified-as-primary in that tenant) — this pending/parked claim is what blocks Pax8. - Mail is on **Intermedia** (`*.exch090.serverdata.net`; SPF `spf.intermedia.net`), with GoDaddy (`secureserver.net`) + Proofpoint Essentials (`ppe-hosted.com`) still in SPF. So the GoDaddy M365 tenant is almost certainly **dormant** (no mailboxes there). **Why this matters:** It's a *Managed* tenant, so there is **NO DNS-based admin takeover** (that only works on unmanaged/viral tenants). Access requires the customer's **GoDaddy account login / the tenant Global Admin**, or GoDaddy releasing it. **RESOLUTION (2026-05-27):** Mike chose to **spin up a fresh tenant** rather than take over GoDaddy's (only 2 users — cleaner). The operative tenant is now **`2fd0092b-e9b7-474c-ad73-301f34dd6b64`** ("Quantum Wealth Management", `quantumwms.onmicrosoft.com`): `quantumwms.com` is **verified + primary** there, `john@`/`sheila@` are licensed (Pax8 M365), `sysadmin@quantumwms.com` is the ACG admin. Pax8 GDAP approved + the **full ComputerGuru app suite consented & directory-roles assigned via `onboard-tenant.sh`** (Tenant Admin, Security Investigator, Exchange Operator, User Manager, Defender; Exch/User/Auth/CA roles). The GoDaddy tenant `ddf3d2c9` (netorg18235235.onmicrosoft.com) was **bypassed** — it never verified the domain, so the new tenant claimed it; no GoDaddy takeover/defederate needed. Remaining migration steps: PST backups of both mailboxes (Intermedia has no server-side export), DNS cutover (MX/autodiscover/archival+sent-mail-encryption — Jen Curry/IFG meeting Thu 2026-05-28 1PM), then move mail Intermedia -> M365. Tracked on Syncro #32323; tenant row added to remediation-tool gotchas.md table. **(Historical) original blocker:** Pax8 reported the domain "attached to a tenant" = the GoDaddy-provisioned `ddf3d2c9` (NETORG onmicrosoft). Managed tenant, so no DNS takeover; would have needed GoDaddy GA access. Superseded by the fresh-tenant decision above.