ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
061-provider-foundation
TenantAtlas/specs/014-enrollment-autopilot/plan.md
ahmido 6a1809fbe9 014-enrollment-autopilot (#20) 
This PR completes Feature 014 (Enrollment & Autopilot).

Adds normalization for:
Autopilot deployment profiles (windowsAutopilotDeploymentProfile)
Enrollment Status Page / ESP (windowsEnrollmentStatusPage)
Enrollment Restrictions (enrollmentRestriction, restore remains preview-only)
Improves settings readability:
Autopilot OOBE settings are expanded into readable key/value entries
Enrollment restriction platform restrictions are shown as explicit fields (with sensible defaults)
Array/list values render as badges (avoids Blade rendering crashes on non-string values)
Fixes enrollment configuration type collisions during sync:
Canonical type resolution prevents enrollmentRestriction from “claiming” ESP items
Safe reclassification updates existing wrong rows instead of skipping
Enhances reclassification command:
Can detect ESP even if a policy has no local versions (fetches snapshot from Graph)
Dry-run by default; apply with --write
Tests

Added/updated unit + Filament feature tests for normalization and UI rendering.
Preview-only enforcement for enrollment restrictions is covered.
Targeted test suite and Pint are green.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #20
2026-01-02 11:59:21 +00:00

2.0 KiB
Raw Permalink Blame History

Plan: Enrollment & Autopilot (014)

Branch: 014-enrollment-autopilot Date: 2026-01-01 Input: spec.md

Goal

Provide end-to-end support for enrollment & Autopilot configuration items with readable normalized settings and safe restore behavior.

Scope

In scope

  • Policy types:
    • windowsAutopilotDeploymentProfile (restore enabled)
    • windowsEnrollmentStatusPage (restore enabled)
    • enrollmentRestriction (restore preview-only)
  • Readable “Normalized settings” for the above types.
  • Restore behavior:
    • Autopilot/ESP: apply via existing restore mechanisms (create-if-missing allowed)
    • Enrollment restrictions: must be skipped on execution by default (preview-only)
  • Tests for normalization + UI rendering + preview-only enforcement.

Out of scope

  • New restore wizard flows/pages.
  • Enabling execution for enrollment restrictions (requires product decision).
  • New external services.

Approach

  1. Verify config/graph_contracts.php and config/tenantpilot.php entries for the three policy types.
  2. Implement a new policy type normalizer to provide stable, enrollment-relevant blocks for:
    • Autopilot deployment profiles
    • Enrollment Status Page
    • Enrollment restrictions
  3. Register the normalizer with the policy-type-normalizers tag.
  4. Add tests:
    • Unit tests for normalized output stability/shape.
    • Filament feature tests verifying “Normalized settings” renders for each type.
    • Feature test verifying enrollmentRestriction restore is preview-only and skipped on execution.
  5. Run targeted tests and Pint.

Risks & Mitigations

  • Payload shape variance across tenants: normalizer must handle missing keys safely.
  • Enrollment restrictions are high impact: execution must remain disabled by default (preview-only).

Success Criteria

  • Normalized settings are stable and readable for all in-scope types.
  • Restore execution skips preview-only types and reports clear result reasons.
  • Tests cover normalization and preview-only enforcement.