docs: add domain expansion roadmap entries and spec candidates
Add roadmap and spec-candidate entries for four missing high-value domain expansions:
- Entra Role Governance
- SharePoint Tenant-Level Sharing Governance
- Enterprise App / Service Principal Governance
- Security Posture Signals

Roadmap entries placed in Mid-term section as strategic domain coverage expansions. Spec candidates added to Qualified section with bounded problem/direction framing.
This commit is contained in:
parent
417df4f9aa
commit
0ff7039a42
@ -91,6 +91,30 @@ ### Compliance Readiness & Executive Review Packs
|
|||||||
**Depends on**: StoredReports / EvidenceItems foundation, Tenant Review runs, Findings + Risk Acceptance workflow, evidence / signal ingestion, export pipeline maturity.
|
**Depends on**: StoredReports / EvidenceItems foundation, Tenant Review runs, Findings + Risk Acceptance workflow, evidence / signal ingestion, export pipeline maturity.
|
||||||
**Scope direction**: Start as compliance readiness and review packaging. Avoid formal certification language or promises. Position as governance evidence, management reporting, and audit preparation.
|
**Scope direction**: Start as compliance readiness and review packaging. Avoid formal certification language or promises. Position as governance evidence, management reporting, and audit preparation.
|
||||||
|
|
||||||
|
### Entra Role Governance
|
||||||
|
Expand TenantPilot's governance coverage into Microsoft Entra role definitions and assignments as a first-class identity administration surface.
|
||||||
|
**What it means**: Inventory and visibility for built-in and custom role definitions. Visibility into role assignments and governance-relevant changes. Review-ready representation of identity administration posture.
|
||||||
|
**Why it matters**: Identity role governance is central to audit readiness and privilege control. Strengthens TenantPilot beyond device configuration into identity governance.
|
||||||
|
**Scope direction**: Start with visibility, inventory, and governance-oriented reviewability. Avoid prematurely turning this into a full attestation workflow block.
|
||||||
|
|
||||||
|
### SharePoint Tenant-Level Sharing Governance
|
||||||
|
Extend TenantPilot into high-value Microsoft 365 data-governance controls by covering tenant-level SharePoint and OneDrive sharing settings.
|
||||||
|
**What it means**: Visibility into tenant-wide sharing and external access posture. Governance-oriented review surface for high-risk sharing controls. Alignment with customer demand for audit-ready data-sharing posture.
|
||||||
|
**Why it matters**: Tenant-level sharing controls are critical for data exposure and external collaboration governance. Expands TenantPilot into a high-value non-Intune policy domain without becoming a generic M365 admin mirror.
|
||||||
|
**Scope direction**: Start at tenant-level settings, not full site-level governance. Position as governance and reviewability, not full SharePoint administration.
|
||||||
|
|
||||||
|
### Enterprise App / Service Principal Governance
|
||||||
|
Add governance coverage for enterprise applications and service principals, especially around privileged permissions, expiring credentials, and review workflows.
|
||||||
|
**What it means**: Visibility into enterprise apps and service principals. Detection of expiring secrets and certificates. Governance surfaces for privileged app access and renewal workflows.
|
||||||
|
**Why it matters**: App identities are a major cloud governance and security pain point for MSPs and enterprise customers. Creates strong customer-facing value beyond tenant configuration backup and restore.
|
||||||
|
**Scope direction**: Start with visibility, expiry monitoring, and governance workflows. Avoid collapsing this into app-consent policy coverage alone.
|
||||||
|
|
||||||
|
### Security Posture Signals
|
||||||
|
Expand TenantPilot's evidence layer with high-value security posture signals that support customer reviews, audit preparation, and recurring governance reporting.
|
||||||
|
**What it means**: Defender Vulnerability Management exposure and remediation-oriented signals. Backup success/failure and protection-state signals. Additional evidence inputs for review packs and executive reporting.
|
||||||
|
**Why it matters**: Strengthens TenantPilot's audit and review story without turning it into a remediation engine. Helps prove operational effectiveness in recurring customer reviews.
|
||||||
|
**Scope direction**: Treat these as evidence/signal domains, not policy domains. Prioritize reporting, history, and correlation over operational ownership.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Long-term
|
## Long-term
|
||||||
|
|||||||
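Review bot: the four new Mid-term entries (Entra Role Governance, SharePoint Tenant-Level Sharing Governance, Enterprise App / Service Principal Governance, Security Posture Signals) omit the **Depends on** line that the preceding Compliance Readiness & Executive Review Packs entry carries, so their relationship to the evidence / signal ingestion and export pipeline work they build on is left implicit; add one per entry in the existing format, e.g. `**Depends on**: evidence / signal ingestion, export pipeline maturity` for Security Posture Signals. In the Enterprise App entry, "Detection of expiring secrets and certificates" should state that only credential metadata (expiry dates, thumbprints) is read, never secret values, so the read-only governance posture the entry claims is explicit. The Security Posture Signals entry lists "Backup success/failure and protection-state signals" without naming which backup source is in scope, whereas the vulnerability signals are pinned to Defender Vulnerability Management; name the source or mark it as to-be-decided.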
@ -5,7 +5,7 @@ # Spec Candidates
|
|||||||
>
|
>
|
||||||
> **Flow**: Inbox → Qualified → Planned → Spec created → removed from this file
|
> **Flow**: Inbox → Qualified → Planned → Spec created → removed from this file
|
||||||
|
|
||||||
**Last reviewed**: 2026-03-17 (Help Center, Documentation Pipeline, Drift Notifications Settings, User Invitations added)
|
**Last reviewed**: 2026-03-17 (Enterprise App / SP Governance, SharePoint Sharing Governance, Entra Role Governance, Security Posture Signals added)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
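Review bot: the **Last reviewed** line keeps the 2026-03-17 date but replaces the earlier parenthetical (Help Center, Documentation Pipeline, Drift Notifications Settings, User Invitations added) instead of extending it, so the record of what was added on that date is lost; either append the four new candidates to the existing list or bump the date if this is a separate review pass.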
@ -96,6 +96,42 @@ ### Evidence Domain Foundation
|
|||||||
- **Dependencies**: Review pack export (109), permission posture (104/105)
|
- **Dependencies**: Review pack export (109), permission posture (104/105)
|
||||||
- **Priority**: high
|
- **Priority**: high
|
||||||
|
|
||||||
|
### Enterprise App / Service Principal Governance
|
||||||
|
- **Type**: feature
|
||||||
|
- **Source**: platform domain coverage planning, governance gap analysis
|
||||||
|
- **Problem**: TenantPilot covers tenant configuration and governance workflows, but lacks a first-class governance surface for enterprise applications and service principals. Operators cannot easily answer which app identities exist, which ones hold privileged permissions, which credentials are nearing expiry, and where renewal/review workflows are needed.
|
||||||
|
- **Why it matters**: Enterprise apps and service principals are a major governance and security pain point in Microsoft cloud environments. Expiring secrets/certificates, over-privileged app permissions, and unclear ownership create real audit, operational, and risk-management gaps. This is highly relevant for MSP reviews, customer reporting, and exception workflows.
|
||||||
|
- **Proposed direction**: Add a governance-oriented domain surface for enterprise applications and service principals, starting with inventory, privileged-permission visibility, expiring credential visibility, ownership/review metadata, alerting hooks, and exception/renewal workflow support. Keep the scope centered on governance and reviewability rather than trying to model all enterprise app administration.
|
||||||
|
- **Dependencies**: Evidence/reporting direction, alerting foundations, RBAC/capability model, domain coverage strategy
|
||||||
|
- **Priority**: high
|
||||||
|
|
||||||
|
### SharePoint Tenant-Level Sharing Governance
|
||||||
|
- **Type**: feature
|
||||||
|
- **Source**: platform domain coverage planning, audit/compliance positioning
|
||||||
|
- **Problem**: TenantPilot currently focuses on device and identity governance domains, but does not yet cover one of the most audit-relevant Microsoft 365 data-governance control surfaces: tenant-level SharePoint and OneDrive external sharing settings. Operators lack a governance view for high-risk sharing posture at tenant scope.
|
||||||
|
- **Why it matters**: Tenant-level sharing controls are central to data exposure, external collaboration, and audit readiness. For many customers, especially compliance-oriented SMB and midmarket environments, these settings are part of the core governance story and should not remain outside the platform's planned coverage.
|
||||||
|
- **Proposed direction**: Introduce a bounded governance surface for tenant-level SharePoint and OneDrive sharing/access settings, focused on inventory, reviewability, explainability, and later alignment with evidence/reporting workflows. Start at tenant-level controls rather than attempting full site-level administration or a broad SharePoint management surface.
|
||||||
|
- **Dependencies**: Domain coverage strategy, Microsoft 365 policy-domain expansion, reporting/evidence direction
|
||||||
|
- **Priority**: medium
|
||||||
|
|
||||||
|
### Entra Role Governance
|
||||||
|
- **Type**: feature
|
||||||
|
- **Source**: platform domain coverage planning, identity governance expansion
|
||||||
|
- **Problem**: TenantPilot does not yet provide a first-class governance surface for Microsoft Entra roles. Built-in roles, custom role definitions, and role assignments are highly relevant for identity governance, but today they are not planned as a dedicated product capability.
|
||||||
|
- **Why it matters**: Role governance is a central part of tenant security posture, privileged access control, and audit readiness. Customers need visibility into how administrative authority is defined and assigned, especially as Entra role usage grows beyond default out-of-the-box roles.
|
||||||
|
- **Proposed direction**: Add a first-class Entra role governance capability focused on role definitions and assignments as governable objects. Start with inventory, visibility, and review-oriented explainability. Preserve the possibility of future attestation/review workflows without making them mandatory in V1.
|
||||||
|
- **Dependencies**: Identity governance expansion, RBAC/capability model, reporting/evidence direction
|
||||||
|
- **Priority**: medium
|
||||||
|
|
||||||
|
### Security Posture Signals Foundation
|
||||||
|
- **Type**: feature
|
||||||
|
- **Source**: platform domain coverage planning, compliance/readiness reporting direction
|
||||||
|
- **Problem**: TenantPilot's evidence and reporting direction is strong, but high-value security posture signals such as Defender Vulnerability Management exposure data and backup assurance signals are not yet represented as a bounded product capability. This leaves a gap between governance findings and the operational evidence customers want in recurring reviews.
|
||||||
|
- **Why it matters**: Customers and MSP operators increasingly want proof that security operations are functioning, not just that configurations exist. Exposure trends, vulnerability posture, and backup success/failure signals are highly valuable inputs for executive reviews, customer reporting, and audit preparation.
|
||||||
|
- **Proposed direction**: Establish a bounded evidence/signal foundation for ingesting, historizing, correlating, and reporting on selected posture signals, starting with Defender Vulnerability Management and backup success/failure/protection-state signals. Keep this clearly in the evidence domain, not the policy domain.
|
||||||
|
- **Dependencies**: StoredReports/Evidence direction, signal ingestion foundations, reporting/export maturity
|
||||||
|
- **Priority**: medium
|
||||||
|
|
||||||
### Policy Lifecycle / Ghost Policies (Spec 900 refresh)
|
### Policy Lifecycle / Ghost Policies (Spec 900 refresh)
|
||||||
- **Type**: feature
|
- **Type**: feature
|
||||||
- **Source**: Spec 900 draft (2025-12-22), HANDOVER risk #9
|
- **Source**: Spec 900 draft (2025-12-22), HANDOVER risk #9
|
||||||
|
|||||||
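Review bot: the spec-candidate heading "Security Posture Signals Foundation" does not match the roadmap heading "Security Posture Signals" added in the same commit, and the four candidates are listed in a different order from the roadmap entries; align the names so each candidate can be traced to its roadmap entry when it moves to Planned. In the Entra Role Governance candidate, "role assignments" should say whether only permanent/active assignments are in scope or PIM-eligible assignments as well, since a review of how administrative authority is assigned that omits eligible assignments understates it. The new **Dependencies** lines name directions in prose while the preceding Evidence Domain Foundation entry cites spec numbers (109, 104/105); where a numbered spec exists for the RBAC/capability model or the reporting/evidence direction, cite it the same way.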