[
        // Catalogue of policy object types. Each entry names the type, its display
        // label and category, the target platform, the endpoint path to query, an
        // optional OData filter on @odata.type, the backup and restore modes, and a
        // risk rating.
        // NOTE(review): the key this list is assigned to and the code that acts on
        // 'restore' / 'risk' are outside this excerpt. Presumably 'preview-only'
        // prevents write-back to the tenant; confirm in the consumer.
        [
            'type' => 'deviceConfiguration',
            'label' => 'Device Configuration',
            'category' => 'Configuration',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceConfigurations',
            // Shares its endpoint with windowsUpdateRing below; the `ne` filter keeps
            // update-ring objects out of this type.
            'filter' => "@odata.type ne '#microsoft.graph.windowsUpdateForBusinessConfiguration'",
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'groupPolicyConfiguration',
            'label' => 'Administrative Templates',
            'category' => 'Configuration',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/groupPolicyConfigurations',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'settingsCatalogPolicy',
            'label' => 'Settings Catalog Policy',
            'category' => 'Configuration',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/configurationPolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'windowsUpdateRing',
            'label' => 'Software Update Ring',
            'category' => 'Update Management',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/deviceConfigurations',
            // Complement of the deviceConfiguration filter: selects only update rings.
            'filter' => "@odata.type eq '#microsoft.graph.windowsUpdateForBusinessConfiguration'",
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium-high',
        ],
        [
            'type' => 'deviceCompliancePolicy',
            'label' => 'Device Compliance',
            'category' => 'Compliance',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceCompliancePolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'appProtectionPolicy',
            'label' => 'App Protection (MAM)',
            'category' => 'Apps/MAM',
            'platform' => 'mobile',
            'endpoint' => 'deviceAppManagement/managedAppPolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium-high',
        ],
        [
            'type' => 'conditionalAccessPolicy',
            'label' => 'Conditional Access',
            'category' => 'Conditional Access',
            'platform' => 'all',
            'endpoint' => 'identity/conditionalAccess/policies',
            'backup' => 'full',
            // One of two entries in this list marked 'preview-only'; both are rated 'high'.
            'restore' => 'preview-only',
            'risk' => 'high',
        ],
        // NOTE(review): the three 'Scripts' entries below presumably carry script
        // content that is executed on managed devices. Confirm that 'medium' risk with
        // restore 'enabled' is intended, and that stored backups of these objects are
        // handled as sensitive data.
        [
            'type' => 'deviceManagementScript',
            // NOTE(review): in this listing the label literal contains a line break
            // after "PowerShell ". It looks like a wrapping artifact; confirm against
            // the original file before relying on the label text.
            'label' => 'PowerShell 
Scripts',
            'category' => 'Scripts',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/deviceManagementScripts',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'deviceShellScript',
            'label' => 'macOS Shell Scripts',
            'category' => 'Scripts',
            'platform' => 'macOS',
            'endpoint' => 'deviceManagement/deviceShellScripts',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'deviceHealthScript',
            'label' => 'Proactive Remediations',
            'category' => 'Scripts',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/deviceHealthScripts',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'enrollmentRestriction',
            'label' => 'Enrollment Restrictions',
            'category' => 'Enrollment',
            'platform' => 'all',
            // NOTE(review): windowsEnrollmentStatusPage below uses this same endpoint
            // with an `eq` filter, but this entry has no matching `ne` filter (compare
            // deviceConfiguration / windowsUpdateRing). Unless the consumer filters
            // elsewhere, ESP objects would also be listed under this type; confirm.
            'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
            'backup' => 'full',
            'restore' => 'preview-only',
            'risk' => 'high',
        ],
        [
            'type' => 'windowsAutopilotDeploymentProfile',
            'label' => 'Windows Autopilot Profiles',
            'category' => 'Autopilot',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/windowsAutopilotDeploymentProfiles',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium-high',
        ],
        [
            'type' => 'windowsEnrollmentStatusPage',
            'label' => 'Enrollment Status Page (ESP)',
            'category' => 'Enrollment',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
            'filter' => "@odata.type eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration'",
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'endpointSecurityIntent',
            'label' => 'Endpoint Security Intents',
            'category' => 'Endpoint Security',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/intents',
            'backup' => 'full',
            // NOTE(review): this is the only entry rated 'high' whose restore mode is
            // 'enabled'; conditionalAccessPolicy and enrollmentRestriction are both
            // 'preview-only'. Confirm the difference is deliberate.
            'restore' => 'enabled',
            'risk' => 'high',
        ],
        [
            'type' => 'mobileApp',
            'label' => 'Applications (Metadata only)',
            'category' => 'Applications',
            'platform' => 'all',
            'endpoint' => 'deviceAppManagement/mobileApps',
            // The only entry here whose backup mode is not 'full'.
            'backup' => 
'metadata-only',
            'restore' => 'enabled',
            'risk' => 'low-medium',
        ],
    ],

    // Supporting object types, all in the 'Foundations' category and rated 'low'.
    // NOTE(review): presumably these are restored ahead of the policies that
    // reference them; the ordering logic is not visible in this excerpt.
    'foundation_types' => [
        [
            'type' => 'assignmentFilter',
            'label' => 'Assignment Filter',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/assignmentFilters',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
        [
            'type' => 'roleScopeTag',
            'label' => 'Scope Tag',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/roleScopeTags',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
        [
            'type' => 'notificationMessageTemplate',
            'label' => 'Notification Message Template',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/notificationMessageTemplates',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
    ],

    // Feature switches. What 'conditional_access' gates is not visible here.
    'features' => [
        'conditional_access' => true,
    ],

    // Bulk-operation tuning, read from the environment with defaults of 10 and 3.
    // NOTE(review): the (int) cast turns a non-numeric environment value into 0 and
    // accepts negative numbers; no lower bound is applied in this file. Confirm the
    // consumer rejects chunk_size < 1 and a non-positive poll interval.
    'bulk_operations' => [
        'chunk_size' => (int) env('TENANTPILOT_BULK_CHUNK_SIZE', 10),
        'poll_interval_seconds' => (int) env('TENANTPILOT_BULK_POLL_INTERVAL_SECONDS', 3),
    ],
];