# Microsoft 365

## Tenant Info
- Tenant Name: Von's Carstar
- Tenant ID: 53de51b9-a063-4f46-88ff-7c3468828ed9
- Primary Domain: vonscarstar.com
- Tenant Type: Managed (not federated)
- Admin Portal URL: https://admin.microsoft.com

## ComputerGuru Management Access
- **App suite onboarded:** 2026-06-01 (Tenant Admin consented by Rob; rest auto-consented + roles assigned via `onboard-tenant.sh`).
  - Tenant Admin → Conditional Access Administrator
  - Security Investigator → Exchange Administrator
  - Exchange Operator → Exchange Administrator
  - User Manager → User Administrator + Authentication Administrator
  - Defender Add-on → **incomplete** (2 ATP perms failed — no Microsoft Defender for Endpoint license; re-run onboard if MDE is added)
- **GDAP:** not required for ongoing access — the app-suite consent above gives durable, **non-expiring** admin access independent of GDAP, so the impending GDAP expiry is a non-issue. Reissue GDAP via the suite/CIPP only if delegated/portal admin is ever specifically needed. (Aside: the CIPP API client `ClaudeCipp2`/`420cb849` currently has no CIPP role — 403 on every endpoint — so CIPP-API automation is unavailable until a role is assigned; not blocking anything here.)

## Licensing
<!-- Verified via remediation tool (Graph) 2026-06-01: 10 users total. -->
| License Type                         | Quantity | Assigned | Available |
|--------------------------------------|----------|----------|-----------|
| Exchange Online (Plan 1) — EXCHANGESTANDARD | 8        | 8        | 0         |

Total users: **10** (8 licensed; 2 unlicensed — likely shared mailboxes / admin).

## Exchange Online
- Mail Domain(s): vonscarstar.com
- MX Record Points To: `vonscarstar-com.mail.protection.outlook.com` (M365 / EOP, pref 0)
- **Stale secondary MX:** `mx00.1and1.com` (1&1 IONOS, pref 10) — leftover from a prior host; should be removed to avoid split/misrouted delivery.
- SPF Record: <!-- TBD -->
- DKIM Enabled: <!-- TBD -->
- DMARC Policy: <!-- TBD -->
- Shared Mailboxes:
- Distribution Groups:
- Mail Flow Rules:

## SharePoint / OneDrive
- External Sharing: <!-- TBD -->

## Entra ID (Azure AD)
- MFA Enforced: <!-- TBD -->
- Conditional Access Policies: <!-- TBD (Tenant Admin SP now holds CA Admin) -->

## Security
- Defender for Office 365: <!-- TBD -->
- MDE (Defender for Endpoint): No (Defender Add-on onboarding failed on missing MDE license)
- Audit Log Retention: <!-- TBD -->

## Notes
- Onboarding + GDAP work: session 2026-06-01. tenants.md row = Onboarded: YES.