specs for additional intune types Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #28
Feature Specification: Custom Compliance Scripts (Windows) (026)
Feature Branch: feat/026-custom-compliance-scripts
Created: 2026-01-04
Status: Draft
Priority: P1
Context
Windows Custom Compliance is widely used. Without deviceComplianceScripts, backup/restore for compliance posture is incomplete. Restore must include assignments.
User Scenarios & Testing
User Story 1 — Inventory + view compliance scripts (Priority: P1)
As an admin, I can see Custom Compliance Scripts in inventory and view their script/config in a readable way.
Acceptance Scenarios
- Given device compliance scripts exist, sync shows them as type deviceComplianceScript.
- Detail view shows key settings (runAsAccount, enforceSignatureCheck, runAs32Bit) and script content (safe display rules).
User Story 2 — Backup + versioning (Priority: P1)
As an admin, I can capture versions/backups of compliance scripts so I can diff changes.
Acceptance Scenarios
- Snapshot capture stores the full payload including detectionScriptContent.
- Diff highlights script changes and operational flags.
User Story 3 — Restore preview + execution (Priority: P1)
As an admin, I can restore a compliance script and its assignments defensively.
Acceptance Scenarios
- Preview shows create/update + restore mode and warnings.
- Execution strips read-only fields and re-encodes script content correctly.
- Assignments are applied via Graph assign action.
Requirements
Functional Requirements
- FR-001: Add policy type deviceComplianceScript backed by Graph deviceManagement/deviceComplianceScripts (beta).
- FR-002: Snapshot stores full payload (including detectionScriptContent) and assignments.
- FR-003: Restore supports create/update with contract-driven sanitization.
- FR-004: Restore applies assignments (/assign) and records audit logs.
- FR-005: Add normalized display support for key fields and script content (with safety limits).
- FR-006: Add Pest tests for sync + snapshot + preview + execution.
Non-Functional Requirements
- NFR-001: Script content must never be logged; UI display must be bounded (config-driven).
- NFR-002: Preview-only fallback when Graph returns unexpected shapes or missing contracts.
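An added sketch, not the project's own code, of how User Story 3's sanitization and NFR-001/NFR-002 can fit together: strip server-managed fields, re-encode the script, keep script text out of audit records, and fall back to preview-only on unexpected shapes. Assumptions: the STRIP_FIELDS list, the DISPLAY_LIMIT value, the function names, and that snapshots hold the script as decoded UTF-8 text.

```python
import base64
import hashlib

# Assumptions (not from the spec): this strip list, the display limit, and that
# snapshots store detectionScriptContent as decoded UTF-8 text.
STRIP_FIELDS = {"id", "createdDateTime", "lastModifiedDateTime", "@odata.context", "assignments"}
DISPLAY_LIMIT = 200  # hypothetical config-driven bound for UI display


def build_restore_body(snapshot):
    """Return (mode, body); mode is 'preview-only' when the shape is unexpected."""
    script = snapshot.get("detectionScriptContent") if isinstance(snapshot, dict) else None
    if not isinstance(script, str) or not snapshot.get("displayName"):
        return "preview-only", None
    body = {k: v for k, v in snapshot.items() if k not in STRIP_FIELDS}
    # Graph carries the script as a binary (base64) property, so re-encode the text.
    body["detectionScriptContent"] = base64.b64encode(script.encode("utf-8")).decode("ascii")
    return "execute", body


def audit_view(snapshot):
    """Log-safe copy: the script is replaced by its size and SHA-256 digest."""
    raw = str(snapshot.get("detectionScriptContent") or "").encode("utf-8")
    safe = {k: v for k, v in snapshot.items() if k != "detectionScriptContent"}
    safe["detectionScript"] = {"bytes": len(raw), "sha256": hashlib.sha256(raw).hexdigest()}
    return safe


def bounded_display(script, limit=DISPLAY_LIMIT):
    """Truncate script text for the detail view and state how much was cut."""
    if len(script) <= limit:
        return script
    return script[:limit] + f"\n... [{len(script) - limit} more characters not shown]"


# Constructed sample snapshot, not real tenant data.
SAMPLE = {
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#example",
    "id": "00000000-0000-0000-0000-000000000000",
    "displayName": "BitLocker check",
    "createdDateTime": "2026-01-01T00:00:00Z",
    "lastModifiedDateTime": "2026-01-02T00:00:00Z",
    "runAsAccount": "system",
    "enforceSignatureCheck": False,
    "runAs32Bit": False,
    "detectionScriptContent": "Write-Output '{\"ok\": true}'",
    "assignments": [],
}
```

The digest in the audit record still lets a reviewer confirm which script version was restored without the content reaching the log.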
Success Criteria
- SC-001: Custom compliance scripts appear in inventory and backups.
- SC-002: Restore execution works and assignments are applied.