where('scope_key', EntraCertifiedComparePackEvaluator::SCOPE_KEY) ->firstOrFail(); expect($scope->display_name)->toBe('Certified Entra Core Compare Pack') ->and($scope->minimum_coverage_level)->toBe(CoverageLevel::Certified) ->and($scope->included_resource_types)->toBe(['conditionalAccessPolicy', 'securityDefaults']) ->and($scope->allow_beta)->toBeFalse() ->and($scope->allow_graph_fallback)->toBeTrue() ->and($scope->customer_claims_allowed)->toBeFalse() ->and($scope->metadata['graph_fallback_allowlist'])->toBe(['securityDefaults']) ->and($scope->metadata['resource_type_denominator'])->toBe(['conditionalAccessPolicy', 'securityDefaults']) ->and($scope->metadata['customer_claims_allowed'])->toBeFalse() ->and($scope->metadata['restore_allowed'])->toBeFalse() ->and($scope->metadata['visible_in_coverage_readiness'])->toBeFalse(); }); it('Spec425 does not certify non-denominator Entra resource types', function (): void { Spec425::syncDefaults(); $scope = TenantConfigurationSupportedScope::query() ->where('scope_key', EntraCertifiedComparePackEvaluator::SCOPE_KEY) ->firstOrFail(); expect($scope->included_resource_types)->not->toContain( 'application', 'servicePrincipal', 'roleDefinition', 'administrativeUnit', 'authenticationMethodsPolicy', 'identityProtectionPolicy', 'authorizationPolicy', 'crossTenantAccessPolicy', 'accessReview', ); }); it('Spec425 keeps the internal certified scope out of existing Coverage v2 readiness options', function (): void { Spec425::syncDefaults(); $readModel = app(CoverageV2ReadinessReadModel::class); expect($readModel->supportedScopeOptions()) ->not->toHaveKey(EntraCertifiedComparePackEvaluator::SCOPE_KEY) ->and($readModel->defaultScopeKey())->toBe('intune_tcm_core') ->and($readModel->includedCanonicalTypesForScope(EntraCertifiedComparePackEvaluator::SCOPE_KEY))->toBe([]); $resourceType = TenantConfigurationResourceType::query() ->where('canonical_type', 'conditionalAccessPolicy') ->firstOrFail(); $details = $readModel->resourceTypeInspectDetails($resourceType, EntraCertifiedComparePackEvaluator::SCOPE_KEY); expect($details['scope'])->toBeNull() ->and($details['scope_key'])->toBeNull() ->and($details['supported_scope'])->toBe('No active scope'); });