app/Services/Graph/MicrosoftGraphClient.php

@@ -781,17 +781,8 @@ private function endpointFor(string $policyType): string
             return $contractResource;
         }
 
-        $builtinEndpoint = $this->builtinEndpointFor($policyType);
+        $supported = config('tenantpilot.supported_policy_types', []);
-        if ($builtinEndpoint !== null) {
+        foreach ($supported as $type) {
-            return $builtinEndpoint;
-        }
-
-        $types = array_merge(
-            config('tenantpilot.supported_policy_types', []),
-            config('tenantpilot.foundation_types', []),
-        );
-
-        foreach ($types as $type) {
             if (($type['type'] ?? null) === $policyType && ! empty($type['endpoint'])) {
                 return $type['endpoint'];
             }
@@ -800,16 +791,6 @@ private function endpointFor(string $policyType): string
         return 'deviceManagement/'.$policyType;
     }
 
-    private function builtinEndpointFor(string $policyType): ?string
-    {
-        return match ($policyType) {
-            'settingsCatalogPolicy',
-            'endpointSecurityPolicy',
-            'securityBaselinePolicy' => 'deviceManagement/configurationPolicies',
-            default => null,
-        };
-    }
-
     private function getAccessToken(array $context): string
     {
         $tenant = $context['tenant'] ?? $this->tenantId;

app/Services/Intune/RestoreService.php

@@ -676,8 +676,6 @@ public function execute(
                     'graph_error_code' => $response->meta['error_code'] ?? null,
                     'graph_request_id' => $response->meta['request_id'] ?? null,
                     'graph_client_request_id' => $response->meta['client_request_id'] ?? null,
-                    'graph_method' => $response->meta['method'] ?? null,
-                    'graph_path' => $response->meta['path'] ?? null,
                 ];
                 $hardFailures++;
 
@@ -984,10 +982,6 @@ private function isNotFoundResponse(object $response): bool
         $code = strtolower((string) ($response->meta['error_code'] ?? ''));
         $message = strtolower((string) ($response->meta['error_message'] ?? ''));
 
-        if ($message !== '' && str_contains($message, 'resource not found for the segment')) {
-            return false;
-        }
-
         if ($code !== '' && (str_contains($code, 'notfound') || str_contains($code, 'resource'))) {
             return true;
         }

resources/views/filament/infolists/entries/restore-results.blade.php

@@ -268,16 +268,10 @@
                                 @if (! empty($item['graph_error_code']))
                                     <div class="mt-1 text-[11px] text-amber-800">Code: {{ $item['graph_error_code'] }}</div>
                                 @endif
-                                @if (! empty($item['graph_request_id']) || ! empty($item['graph_client_request_id']) || ! empty($item['graph_method']) || ! empty($item['graph_path']))
+                                @if (! empty($item['graph_request_id']) || ! empty($item['graph_client_request_id']))
                                     <details class="mt-1">
                                         <summary class="cursor-pointer text-[11px] font-semibold text-amber-800">Details</summary>
                                         <div class="mt-1 space-y-0.5 text-[11px] text-amber-800">
-                                            @if (! empty($item['graph_method']))
-                                                <div>method: {{ $item['graph_method'] }}</div>
-                                            @endif
-                                            @if (! empty($item['graph_path']))
-                                                <div>path: {{ $item['graph_path'] }}</div>
-                                            @endif
                                             @if (! empty($item['graph_request_id']))
                                                 <div>request-id: {{ $item['graph_request_id'] }}</div>
                                             @endif

tests/Feature/RestoreGraphErrorMetadataTest.php

@@ -1,102 +0,0 @@
-<?php
-
-use App\Models\BackupItem;
-use App\Models\BackupSet;
-use App\Models\Tenant;
-use App\Services\Graph\GraphClientInterface;
-use App\Services\Graph\GraphResponse;
-use App\Services\Intune\RestoreService;
-use Illuminate\Foundation\Testing\RefreshDatabase;
-
-uses(RefreshDatabase::class);
-
-class RestoreGraphErrorMetadataGraphClient implements GraphClientInterface
-{
-    /** @var array<int, array{policyType:string,policyId:string,payload:array,options:array<string,mixed>}> */
-    public array $applyPolicyCalls = [];
-
-    public function listPolicies(string $policyType, array $options = []): GraphResponse
-    {
-        return new GraphResponse(true, []);
-    }
-
-    public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
-    {
-        return new GraphResponse(true, ['payload' => []]);
-    }
-
-    public function getOrganization(array $options = []): GraphResponse
-    {
-        return new GraphResponse(true, []);
-    }
-
-    public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
-    {
-        $this->applyPolicyCalls[] = [
-            'policyType' => $policyType,
-            'policyId' => $policyId,
-            'payload' => $payload,
-            'options' => $options,
-        ];
-
-        return new GraphResponse(false, ['error' => ['message' => 'Bad request']], 400, [], [], [
-            'error_code' => 'BadRequest',
-            'error_message' => "Resource not found for the segment 'endpointSecurityPolicy'.",
-            'request_id' => 'req-1',
-            'client_request_id' => 'client-1',
-            'method' => 'PATCH',
-            'path' => 'deviceManagement/endpointSecurityPolicy/esp-1',
-        ]);
-    }
-
-    public function getServicePrincipalPermissions(array $options = []): GraphResponse
-    {
-        return new GraphResponse(true, []);
-    }
-
-    public function request(string $method, string $path, array $options = []): GraphResponse
-    {
-        return new GraphResponse(true, []);
-    }
-}
-
-test('restore results include graph path and method on Graph failures', function () {
-    $client = new RestoreGraphErrorMetadataGraphClient;
-    app()->instance(GraphClientInterface::class, $client);
-
-    $tenant = Tenant::factory()->create();
-    $backupSet = BackupSet::factory()->for($tenant)->create([
-        'status' => 'completed',
-        'item_count' => 1,
-    ]);
-
-    $backupItem = BackupItem::factory()->for($tenant)->for($backupSet)->create([
-        'policy_id' => null,
-        'policy_identifier' => 'esp-1',
-        'policy_type' => 'endpointSecurityPolicy',
-        'platform' => 'windows',
-        'payload' => [
-            'id' => 'esp-1',
-            '@odata.type' => '#microsoft.graph.deviceManagementConfigurationPolicy',
-            'name' => 'Endpoint Security Policy',
-            'settings' => [],
-        ],
-        'assignments' => null,
-    ]);
-
-    $service = app(RestoreService::class);
-    $run = $service->execute(
-        tenant: $tenant,
-        backupSet: $backupSet,
-        selectedItemIds: [$backupItem->id],
-        dryRun: false,
-    );
-
-    expect($client->applyPolicyCalls)->toHaveCount(1);
-    expect($run->status)->toBe('failed');
-
-    $result = $run->results[0] ?? null;
-    expect($result)->toBeArray();
-    expect($result['graph_method'] ?? null)->toBe('PATCH');
-    expect($result['graph_path'] ?? null)->toBe('deviceManagement/endpointSecurityPolicy/esp-1');
-});

tests/Unit/GraphClientEndpointResolutionTest.php

@@ -61,40 +61,3 @@
         return str_contains($request->url(), '/beta/deviceAppManagement/targetedManagedAppConfigurations/A_1');
     });
 });
-
-it('uses built-in endpoint mapping for endpoint security policies when config is missing', function () {
-    config()->set('graph_contracts.types.endpointSecurityPolicy', []);
-    config()->set('tenantpilot.foundation_types', []);
-
-    Http::fake([
-        'https://login.microsoftonline.com/*' => Http::response([
-            'access_token' => 'fake-token',
-            'expires_in' => 3600,
-        ], 200),
-        'https://graph.microsoft.com/*' => Http::response(['id' => 'E_1'], 200),
-    ]);
-
-    $client = new MicrosoftGraphClient(
-        logger: app(GraphLogger::class),
-        contracts: app(GraphContractRegistry::class),
-    );
-
-    $client->applyPolicy(
-        policyType: 'endpointSecurityPolicy',
-        policyId: 'E_1',
-        payload: ['name' => 'Test'],
-        options: ['tenant' => 'tenant', 'client_id' => 'client', 'client_secret' => 'secret'],
-    );
-
-    Http::assertSent(function (Request $request) {
-        if (! str_contains($request->url(), 'graph.microsoft.com')) {
-            return false;
-        }
-
-        if (! str_contains($request->url(), '/beta/deviceManagement/configurationPolicies/E_1')) {
-            return false;
-        }
-
-        return ! str_contains($request->url(), '/beta/deviceManagement/endpointSecurityPolicy/E_1');
-    });
-});