claudetools/wiki/clients/bg-builders.md
Mike Swanson f4fb131529 wiki: seed remaining clients and projects (batch 3)
Adds 11 client articles and 5 project articles:

Clients: kittle, khalsa, anaise, azcomputerguru.com, bg-builders,
evs, furrier, horseshoe-management, kittle-design, scileppi-law,
western-tire

Projects: discord-bot, radio-show, msp-pricing, wrightstown-smarthome,
wrightstown-solar

Updates wiki/index.md with all new entries, cross-references, and
removes seeded client:birthbiologic from compilation queue.

Critical findings surfaced:
- Kittle: WS2025 EVAL license, no backups, 3 plaintext creds in Syncro
- Western Tire: SSL cert *.westerntire.com expires 2026-05-30
- Kittle Design: active compromise (Ken inbox rule unresolved)
- Horseshoe Mgmt: plaintext creds for 5+ users in Syncro notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 19:59:40 -07:00

5.6 KiB

| type | name | display_name | last_compiled | compiled_by | sources |
|---|---|---|---|---|---|
| client | bg-builders | BG Builders LLC | 2026-05-24 | DESKTOP-0O8A1RL/claude-main | clients/bg-builders/session-logs/2026-03-09-session.md |

BG Builders LLC

Overview

  • Business type: Construction / building contractor [unverified beyond name]
  • M365 tenant: bgbuildersllc.com
  • Billing model: Unknown — no billing data in session log
  • Contract status: Unknown
  • CIPP Name: sonorangreenllc.com (alternate tenant name in CIPP)

Contacts

| Name | UPN | Access | Notes |
|---|---|---|---|
| Barry | barry@bgbuildersllc.com | FullAccess + SendAs on Lesley's mailbox | Set from original termination |
| Shelly | Shelly@bgbuildersllc.com | FullAccess + SendAs on Lesley's mailbox | Set from re-enable script 2026-02-27 |
| Lesley Roth | lesley@bgbuildersllc.com | Disabled | Terminated employee; account preserved per client request |

Infrastructure

(not documented — session was M365 account disable/wipe focused; no on-premises infrastructure captured)

Network

(not documented)

Cloud / M365

| Property | Value |
|---|---|
| Tenant domain | bgbuildersllc.com |
| Tenant ID | ededa4fb-f6eb-4398-851d-5eb3e11fab27 |
| CIPP Name | sonorangreenllc.com |
| Admin UPN | sysadmin@bgbuildersllc.com |
| Admin credentials | Vault only — do NOT hardcode |
| Intune / Business Premium | No — no Intune-managed devices |
| Lesley account state | Disabled (AccountEnabled: False), Litigation Hold: True, licenses still assigned |

[WARNING] Session log contained plaintext M365 admin credentials (sysadmin@bgbuildersllc.com). Use vault only: vault.sh get-field clients/bg-builders/m365.

Lesley Roth — account state as of 2026-03-09

| Property | Value |
|---|---|
| AccountEnabled | False (was already False from 2026-02-27 prior termination) |
| Mailbox type | UserMailbox |
| Litigation Hold | True |
| Licenses | Still assigned (per client request — not removed) |
| Barry access | FullAccess + SendAs |
| Shelly access | FullAccess + SendAs |
| iPhone 16 Pro (iOS 26.3.1) | AccountOnlyDeviceWipePending (active device, last sync 2026-03-09) |
| iPhone 14 Pro (iOS 18.5) | AccountOnlyDeviceWipePending (stale — last sync 2025-06-27, may never acknowledge) |
| OneDrive | Not addressed |

72-hour mail activity report (Lesley, 2026-03-06 to 2026-03-09)

  • No suspicious activity found — no suspicious sent/deleted mail, no inbox rules, no forwarding configured.
  • Report saved to: D:\ClaudeTools\scripts\bgb-lesley-mail-report-20260309.txt

M365 PowerShell technical notes

  • Get-MessageTrace deprecated Sep 2025 — use Get-MessageTraceV2 (no -PageSize parameter).
  • Search-MailboxAuditLog deprecated Jan 2026 — use Search-UnifiedAuditLog.
  • Exchange Online -Device auth switch requires PowerShell 7 (pwsh), NOT Windows PowerShell 5.1.
  • WAM broker auth requires a visible PowerShell window — cannot run from bash or non-interactive shell.

Scripts created (2026-03-09)

| Script | Purpose |
|---|---|
| scripts/bgb-lesley-disable-wipe.ps1 | Disable account + device email wipe |
| scripts/bgb-lesley-mail-report.ps1 | 72-hour mail activity report |
| scripts/bgb-lesley-verify-wipe.ps1 | Verify device wipe status |

GuruRMM

(not documented)

Active Projects / Open Items

| Priority | Item | Owner |
|---|---|---|
| P1 | iPhone 16 Pro (active) — wipe should have completed; verify status | Howard / Mike |
| P1 | iPhone 14 Pro (stale since 2025-06-27) — wipe likely never acknowledged; verify or close | Howard / Mike |
| P2 | Lesley's OneDrive access not addressed in this session | Mike |
| P3 | sysadmin password reset — admin lacked privilege to reset Lesley's password via script (403); was done manually via M365 Admin Center. Verify sysadmin role assignments are sufficient for future terminations | Mike |

Key Events / History

2026-02-27 — First termination (prior session, minimal detail)

  • Lesley's account was previously disabled and sessions revoked.
  • Litigation hold was enabled.
  • Barry given FullAccess + SendAs.

2026-03-09 — Employee disable and device wipe

Offboarding of terminated employee Lesley Roth (lesley@bgbuildersllc.com):

  • Account already disabled (AccountEnabled was already False from 2026-02-27).
  • Sessions re-revoked (belt-and-suspenders).
  • Password manually reset via M365 Admin Center to bgb-pass-reset-2026!! (script failed 403 — sysadmin lacked privilege). Store in vault; rotate if account still exists.
  • AccountOnly device wipe initiated on both iPhones (removes M365 email only; personal data preserved).
  • Shelly given FullAccess + SendAs (added this session via re-enable script logic).
  • 72-hour mail activity report: nothing suspicious.
  • Account NOT converted to shared mailbox; licenses NOT removed — per client request.

Anti-Patterns / Warnings

  • [WARNING] Plaintext M365 admin credentials in session log — use vault only.
  • [WARNING] sysadmin account has insufficient privileges to programmatically reset user passwords (403 on password reset). Plan for Global Admin or verify role assignments before future offboardings.
  • BG Builders has NO Intune / Business Premium — device management is via EAS ActiveSync only. AccountOnly wipes (not full Intune wipes) are the only available device action.
  • iPhone 14 Pro last synced 2025-06-27 — wipe will never complete if device stays offline. Do not wait on it.
  • Do NOT delete Lesley's account or remove licenses without explicit client instruction — client requested account preservation.
  • CIPP name for this tenant is sonorangreenllc.com — use this when looking up the tenant in CIPP.
  • (no related wiki articles yet)
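
A triage sketch for the pending account-only wipes noted above, added here as an example; it is not the contents of scripts/bgb-lesley-verify-wipe.ps1. The function name Get-WipeTriage and the 30-day stale threshold are assumptions, the property names are assumed to match Get-MobileDeviceStatistics output, and the two sample devices are constructed from the table on this page.

```powershell
# Added example: classify EAS wipe state per device so stale devices are
# closed out instead of waited on. Names and threshold are assumptions.
function Get-WipeTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Device,
        [datetime]$AsOf = (Get-Date),
        [int]$StaleAfterDays = 30   # assumed cut-off, not a policy from this page
    )
    process {
        # Days since the device last completed a sync; $null if it never did.
        $daysIdle = $null
        if ($Device.LastSuccessSync) {
            $span = $AsOf - [datetime]$Device.LastSuccessSync
            $daysIdle = [int][math]::Floor($span.TotalDays)
        }
        $status = [string]$Device.Status

        if ($status -notlike '*WipePending') {
            $verdict = 'NoWipePending'   # status is not a pending wipe
        }
        elseif ($null -eq $daysIdle -or $daysIdle -gt $StaleAfterDays) {
            $verdict = 'PendingStale'    # offline device; wipe may never be acknowledged
        }
        else {
            $verdict = 'PendingActive'   # still syncing; re-check for acknowledgement
        }

        [pscustomobject]@{
            Device   = $Device.DeviceModel
            Status   = $status
            DaysIdle = $daysIdle
            Verdict  = $verdict
        }
    }
}

# Constructed sample input mirroring the two devices recorded on this page.
$sample = @(
    [pscustomobject]@{ DeviceModel = 'iPhone 16 Pro'; Status = 'AccountOnlyDeviceWipePending'; LastSuccessSync = [datetime]'2026-03-09' }
    [pscustomobject]@{ DeviceModel = 'iPhone 14 Pro'; Status = 'AccountOnlyDeviceWipePending'; LastSuccessSync = [datetime]'2025-06-27' }
)
$sample | Get-WipeTriage -AsOf ([datetime]'2026-03-09') | Format-Table -AutoSize

# Live input needs an Exchange Online session:
#   Get-MobileDeviceStatistics -Mailbox lesley@bgbuildersllc.com | Get-WipeTriage
```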