claudetools/clients/cascades-tucson/reports/2026-05-07-app-onboarding-complete.md
Mike Swanson 2a285d9898 Cascades: MSP app suite onboarding complete
All 5 ComputerGuru apps successfully onboarded:
- Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender Add-on
- API permissions granted (0 errors)
- Exchange Administrator role assigned to Security Investigator SP

Exchange REST API access pending propagation (15-30 min typical).

Next: Re-test Exchange REST after 09:30 AM MST to verify litigation hold check.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-07 09:10:02 -04:00


ComputerGuru MSP App Suite Onboarding - Cascades Tucson

Date: 2026-05-07
Tenant: Cascades of Tucson (207fa277-e9d8-4eb7-ada1-1064d2221498)
Completed by: Mike Swanson (via Claude)


Summary

Successfully onboarded the ComputerGuru MSP app suite to the Cascades Tucson tenant. All five apps are now consented, with appropriate API permissions granted. The Exchange Administrator directory role is assigned to the Security Investigator service principal.


Apps Onboarded

| App | App ID | Status | Permissions |
|---|---|---|---|
| Security Investigator | bfbc12a4-f0dd-4e12-b06d-997e7271e10c | Consented | Graph (10), Exchange Online (1) |
| Exchange Operator | b43e7342-5b4b-492f-890f-bb5a4f7f40e9 | Consented | Graph (5), Exchange Online (2) |
| User Manager | 64fac46b-8b44-41ad-93ee-7da03927576c | Consented | Graph (6) |
| Tenant Admin | 709e6eed-0711-4875-9c44-2d3518c47063 | Consented | Graph (admin-level) |
| Defender Add-on | dbf8ad1a-54f4-4bb8-8a9e-ea5b9634635b | Consented | Graph (1), Defender ATP (5) |

Directory Role Assignments

Security Investigator SP (c64ee5c1-a607-46cb-81b8-42de3de98d48):

  • Exchange Administrator role (29232cdf-9323-42fd-ade2-1d097af3e4de)
  • Verified via Graph API: memberOf confirms role assignment

Exchange REST API Access - PENDING PROPAGATION

Current Status: HTTP 401 Unauthorized

Reason: Exchange Online role assignment propagation typically takes 15-30 minutes. The Graph API confirms the role is assigned, but the Exchange REST API has not yet recognized the permission.

Next Steps:

  1. Wait 15-30 minutes for propagation

  2. Re-test Exchange REST access:

    TOKEN=$(REMEDIATION_AUTH=secret bash scripts/get-token.sh 207fa277-e9d8-4eb7-ada1-1064d2221498 investigator-exo 2>/dev/null)
    
    curl -s -X POST \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json" \
      "https://outlook.office365.com/adminapi/beta/207fa277-e9d8-4eb7-ada1-1064d2221498/InvokeCommand" \
      -d '{"CmdletInput":{"CmdletName":"Get-Mailbox","Parameters":{"Identity":"test@cascadestucson.com"}}}'
    
  3. If still 401 after 30 minutes:

    • Verify role assignment in Entra portal: https://entra.microsoft.com → Roles and administrators → Exchange Administrator
    • Check for Conditional Access policies blocking service principal sign-ins
    • Verify Exchange Online license assigned to tenant
  4. Once access works: Re-run Britney Thompson litigation hold check
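
Steps 1 to 3 can be run as a bounded poll instead of a manual re-test. The script below is an added example, not part of the original report or the ComputerGuru tooling: `probe_exo`, `wait_for_exo`, the 7 x 300 s schedule and the exit-code meanings are assumptions, while the token command, endpoint and request body are taken from step 2.

```bash
#!/usr/bin/env bash
# Added example. Function names, schedule and exit codes are assumptions;
# the token command, URL and request body are the ones from step 2.
TENANT_ID=207fa277-e9d8-4eb7-ada1-1064d2221498
MAILBOX=test@cascadestucson.com

# Print only the HTTP status of one Get-Mailbox call.
probe_exo() {
  # Fresh token per attempt, acquired as in step 2.
  token=$(REMEDIATION_AUTH=secret bash scripts/get-token.sh \
    "$TENANT_ID" investigator-exo 2>/dev/null) || return 1
  curl -s -o /dev/null -w '%{http_code}' -X POST \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/json" \
    "https://outlook.office365.com/adminapi/beta/$TENANT_ID/InvokeCommand" \
    -d "{\"CmdletInput\":{\"CmdletName\":\"Get-Mailbox\",\"Parameters\":{\"Identity\":\"$MAILBOX\"}}}"
}

# wait_for_exo PROBE MAX_ATTEMPTS INTERVAL_SECONDS
# Returns 0 once Exchange answers 2xx, 1 if it is still 401 after the last
# attempt (move on to the step 3 checks), 2 on any other result.
wait_for_exo() {
  probe=$1; max_attempts=$2; interval=$3
  attempt=1
  while [ "$attempt" -le "$max_attempts" ]; do
    code=$("$probe") || code=000   # probe failed (no token, no network)
    echo "attempt $attempt/$max_attempts: HTTP $code" >&2
    case "$code" in
      2??) return 0 ;;   # role recognized by Exchange
      401) ;;            # the pending-propagation state; keep waiting
      *)   return 2 ;;   # not the propagation case; stop and inspect
    esac
    if [ "$attempt" -lt "$max_attempts" ]; then sleep "$interval"; fi
    attempt=$((attempt + 1))
  done
  return 1
}

# Runs only when asked: bash wait-exo.sh --run
# 7 probes, 5 minutes apart, span the 30-minute window in step 3.
if [ "${1:-}" = "--run" ]; then
  rc=0; wait_for_exo probe_exo 7 300 || rc=$?
  echo "result: $rc"
fi
```

Exit code 2 separates a 403, 5xx or failed token request from the 401 the report attributes to propagation, so a different fault is not mistaken for a delay that waiting will clear.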


Validation Tests Passed

  • Tenant Admin token acquisition
  • All 5 apps consented successfully
  • API permissions granted (0 errors)
  • Exchange Administrator role assigned
  • Role assignment verified via Graph API
  • Exchange REST API access (pending propagation)

Onboarding Command Used

    cd /Users/azcomputerguru/ClaudeTools/.claude/skills/remediation-tool
    REMEDIATION_AUTH=secret bash scripts/onboard-tenant.sh cascadestucson.com

Authentication method: client_secret (PyJWT not available on macOS)


Service Principal IDs (Cascades Tenant)

| App | Object ID |
|---|---|
| Tenant Admin | a5fa89a9-b735-4e10-b664-f042e265d137 |
| Security Investigator | c64ee5c1-a607-46cb-81b8-42de3de98d48 |
| Exchange Operator | 1c3bcfe9-6b4b-4273-852c-09d90f9ad146 |
| User Manager | 531becbb-af9b-489c-b8d4-11b1d04d0b42 |
| Defender Add-on | 6e08c11e-e096-4455-8991-46a4d3ccea0e |

What This Enables

Remediation Tool Capabilities:

  • /remediation-tool slash command now works for Cascades
  • User breach checks (sign-in logs, risky users, OAuth consents)
  • Tenant sweeps (all users, MFA status, admin roles)
  • Exchange investigations (after propagation):
    • Inbox rules (including hidden)
    • Mailbox permissions and delegates
    • Forwarding rules
    • Litigation hold status
    • SendAs / FullAccess permissions

M365 Security Operations:

  • Automated breach investigation workflows
  • Compliance auditing (litigation hold, retention policies)
  • Identity Protection queries
  • Conditional Access policy review
  • Defender for Endpoint integration (if licensed)

This onboarding was triggered by the need to verify Britney Thompson's litigation hold status for HIPAA compliance (§164.308(a)(3)(ii)(C) + §164.316(b)(2)).

See: clients/cascades-tucson/reports/2026-05-07-britney-thompson-litigation-hold-check.md


Status: Onboarding complete. Exchange REST access pending propagation (15-30 min). Next action: Re-test Exchange REST API after 09:30 AM MST (15 minutes from now).