claudetools/wiki/clients/barbaragrygutis.md
Mike Swanson f576f7d686 sync: auto-sync from GURU-BEAST-ROG at 2026-05-29 16:34:25
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-29 16:34:25
2026-05-29 16:34:31 -07:00

| type | name | display_name | last_compiled | compiled_by | sources | backlinks |
|---|---|---|---|---|---|---|
| client | barbaragrygutis | Barbara Grygutis Sculpture LLC | 2026-05-29 | GURU-BEAST-ROG/discord-bot | session-logs/2026-05-29-barbara-grygutis-m365-review.md | |

Barbara Grygutis Sculpture LLC

Artist / sculptor. ACG-hosted client. M365 tenant onboarded to ComputerGuru MSP app suite 2026-05-29.


Profile


M365 / Identity

  • Domain: barbaragrygutis.com
  • Tenant ID: 25998ddc-49e6-4234-9396-6c152ce4ea69
  • MX: barbaragrygutis-com.mail.protection.outlook.com (M365, NOT Neptune Exchange)
  • Licenses: Exchange Online Plan 2, Power Automate Free
  • Account created: 2021-12-22
  • Cloud-only: Yes (no on-prem sync)

MSP App Onboarding

Onboarded 2026-05-29. All 5 ComputerGuru tiered apps consented and directory roles assigned:

| App | Role Assigned |
|---|---|
| Security Investigator | Exchange Administrator |
| Exchange Operator | Exchange Administrator |
| Tenant Admin | Conditional Access Administrator |
| User Manager | User Administrator, Authentication Administrator |
| Defender Add-on | Skipped (no MDE license) |

User Account: Barbara Grygutis

| Field | Value |
|---|---|
| UPN | Barbara@barbaragrygutis.com |
| Account enabled | Yes |
| User type | Member |
| Password last changed | 2021-12-24 (~4.5 years ago) |
| MFA device | iPhone 13 Pro Max (Microsoft Authenticator 6.8.1) |
| MFA phone | None registered |
| OAuth grants | EAS.AccessAsUser.All (Exchange ActiveSync — normal) |

Security Status (as of 2026-05-29)

  • [WARNING] Active credential spray attack: 100+ blocked attempts May 27-29, all blocked (error 50053 — malicious IP)
  • Attack infrastructure: Tor exit nodes (185.220.101.x), Linode VPS (2600:3c02/3c03), Hurricane Electric tunnels, European proxy nodes (Germany)
  • Apps targeted: Azure CLI, OfficeHome, Microsoft Online Services, One Outlook Web
  • Zero successful sign-ins in 30-day log window
  • No mail forwarding configured
  • No inbox rules found
  • [CRITICAL] No Conditional Access policies on tenant — no MFA enforcement, no legacy auth block
  • Auto-reply active (scheduled) — may confirm account liveness to attackers
  • Confirm Barbara still controls the iPhone 13 Pro Max with Authenticator
  • Force password reset
  • Deploy CA: Require MFA for all users
  • Deploy CA: Block legacy authentication
  • Consider geo-restriction (US-only) given attack pattern

History

| Date | Event |
|---|---|
| 2021-12-22 | Account created in M365 |
| 2021-12-24 | Password set (last change) |
| 2026-05-27 | Credential spray attack begins |
| 2026-05-29 | ACG onboarded tenant to MSP app suite; security review performed |