4.0 KiB
Feature Specification: Apps and App Management Coverage
Feature Branch: 008-apps-app-management
Created: 2025-12-26
Status: Draft
Input: Workload list for Intune backup and restore coverage (apps and assignments).
Overview
Expand backup and restore to application workloads, including client apps, app protection policies, and app configuration policies. This feature focuses on safe restore with clear mapping and avoids destructive changes or binary re-uploads.
User Scenarios and Testing (mandatory)
User Story 1 - App Protection Policies (Priority: P1)
As an admin, I want to back up and restore app protection policies with their assignments, so that MAM configurations can be recovered safely.
Independent Test: Capture an app protection policy with assignments. Restore into a tenant with different group IDs and verify assignments are mapped or skipped with reasons.
Acceptance Scenarios:
- Given a policy with assignments, when restore executes, then assignments are applied using group mapping.
- Given unresolved group mapping, when restore executes, then assignments are skipped with a human readable reason.
User Story 2 - App Configuration Policies (Priority: P2)
As an admin, I want to back up and restore app configuration policies for managed devices and managed apps, so that app settings are preserved.
Independent Test: Capture at least one managed device app configuration and one managed app configuration with assignments. Restore into a test tenant and verify the policy payload and assignments are applied.
Acceptance Scenarios:
- Given a managed device app configuration policy, when restore executes, then the policy is created or updated and assignments are applied safely.
- Given a managed app configuration policy referencing a missing app, when restore executes, then the policy is skipped with a clear reason.
User Story 3 - Client Apps (Priority: P3)
As an admin, I want to back up and restore client app metadata and assignments, so that app deployments can be re-created without re-uploading binaries.
Independent Test: Capture a mix of Win32 and Store apps with assignments. Restore into a test tenant and verify metadata and assignments are recreated or updated.
Acceptance Scenarios:
- Given a client app with assignments, when restore executes, then assignments are applied using group mapping and assignment filter mapping.
- Given a client app that cannot be matched in the target tenant, when restore executes, then the app is created if metadata-only create is supported, or skipped with a reason.
Requirements (mandatory)
Functional Requirements
- FR-008.1: System MUST support backup and restore for client apps as metadata-only (no binary upload).
- FR-008.2: System MUST support backup and restore for app protection policies with assignments.
- FR-008.3: System MUST support backup and restore for app configuration policies (managed devices and managed apps) with assignments.
- FR-008.4: System MUST apply assignments using existing group mapping and foundation mapping (assignment filters).
- FR-008.5: System MUST capture and restore app dependency metadata (supersedence) where supported, ensuring base apps are restored before dependents.
- FR-008.6: System MUST provide preview-only mode for app restores with clear warnings for missing dependencies.
- FR-008.7: System MUST record audit logs for app backup and restore actions, including skipped items and dependency failures.
Non-Goals
- No binary content upload or packaging (Win32, Store, LOB) in this feature.
- No token or connector re-creation (VPP, managed Google Play); metadata-only handling only.
Success Criteria (mandatory)
- SC-008.1: Restoring a set of 20 mixed app objects results in 100% of items in Applied, Partial, or Skipped with reason (no silent failures).
- SC-008.2: At least 95% of app assignments are applied successfully or explicitly skipped with a clear reason.
- SC-008.3: Preview mode for app restores completes in under 2 minutes for 50 selected items.