TenantAtlas/specs/025-policy-sets/spec.md
2026-01-04 01:58:41 +01:00

Feature Specification: Policy Sets (Intune native bundling) (025)

Feature Branch: feat/025-policy-sets
Created: 2026-01-04
Status: Draft
Priority: P1

Context

Policy Sets are an Intune-native way to bundle multiple policies/apps into a deployable set. For tenants that rely on Policy Sets, “Tenant-as-Code” is incomplete without at least inventory + backup and a restore preview that highlights missing links.

User Scenarios & Testing

User Story 1 — Inventory + view Policy Sets (Priority: P1)

As an admin, I can see Policy Sets and inspect their composition (items) and assignments.

Acceptance Scenarios

  1. Given a tenant uses Policy Sets, when I sync policies, then Policy Sets appear as type policySet.
  2. Given a Policy Set, when I view details, then I see a readable list of included items and assignments.

User Story 2 — Backup + version history (Priority: P1)

As an admin, I can capture immutable snapshots of Policy Sets (including items) and diff versions.

Acceptance Scenarios

  1. Given a Policy Set, when I add it to a backup set, then the snapshot includes items and assignments (as supported by Graph).
  2. Given two versions, diffs highlight changed items and assignment targets.

User Story 3 — Restore preview (linking) (Priority: P1)

As an admin, I can run a restore preview that explains which Policy Set items can be linked in the target tenant and which are missing.

Acceptance Scenarios

  1. Given a Policy Set snapshot referencing policies/apps by ID, when I run preview, then TenantPilot reports missing vs resolvable items.
  2. Given missing referenced objects, preview warns and blocks execution unless resolved.

Requirements

Functional Requirements

  • FR-001: Add policy type policySet backed by Graph deviceAppManagement/policySets.
  • FR-002: Capture Policy Set payload + items subresource (and assignments if applicable).
  • FR-003: Restore preview MUST validate referenced IDs and provide a linking report.
  • FR-004: Restore execution is allowed only when all referenced items can be mapped safely (or stays preview-only initially).
  • FR-005: Add Pest tests for sync + snapshot + preview linking report.

Non-Functional Requirements

  • NFR-001: No destructive writes without explicit confirmation and audit logs.
  • NFR-002: Linking errors must be actionable (show which item is missing and why).
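
One way the linking report behind FR-003, FR-004 and NFR-002 could be computed, as an added sketch that is not part of this spec or of the project's code. The function name, array shapes, status values and the fallback match on type plus display name are all assumptions, and the sample data is constructed.

```php
<?php
declare(strict_types=1);
// Added example. Function name, array shapes and status values are hypothetical.
// $items:     snapshot items, each ['payloadId', 'itemType', 'displayName']
// $idMap:     operator-supplied source ID => target ID mappings
// $inventory: target tenant objects, each ['id', 'type', 'displayName']
function buildLinkingReport(array $items, array $idMap, array $inventory): array
{
    $byId = array_column($inventory, null, 'id');
    $rows = [];
    foreach ($items as $item) {
        $src = $item['payloadId'];
        $targetId = null;
        if (isset($idMap[$src])) {
            // An explicit mapping is trusted only if the target exists with the same type.
            $target = $byId[$idMap[$src]] ?? null;
            if ($target === null) {
                [$status, $reason] = ['missing', "mapped target {$idMap[$src]} not found in target tenant"];
            } elseif ($target['type'] !== $item['itemType']) {
                [$status, $reason] = ['type_mismatch', "mapped target is {$target['type']}, expected {$item['itemType']}"];
            } else {
                [$status, $reason, $targetId] = ['resolved', 'explicit mapping', $target['id']];
            }
        } else {
            // Assumed fallback: exactly one target object with the same type and display name.
            $hits = array_values(array_filter($inventory, fn (array $o): bool =>
                $o['type'] === $item['itemType'] && $o['displayName'] === $item['displayName']));
            if (count($hits) === 1) {
                [$status, $reason, $targetId] = ['resolved', 'unique type + name match', $hits[0]['id']];
            } elseif ($hits === []) {
                [$status, $reason] = ['missing', "no {$item['itemType']} named '{$item['displayName']}' in target tenant"];
            } else {
                [$status, $reason] = ['ambiguous', count($hits) . ' candidates share this type and name'];
            }
        }
        $rows[] = ['sourceId' => $src, 'displayName' => $item['displayName'],
                   'status' => $status, 'targetId' => $targetId, 'reason' => $reason];
    }
    $unresolved = array_filter($rows, fn (array $r): bool => $r['status'] !== 'resolved');
    // Fail closed: execution is permitted only when every item resolved.
    return ['items' => $rows, 'executable' => $unresolved === []];
}
// Constructed sample data (not real tenant IDs).
$items = [
    ['payloadId' => 'src-1', 'itemType' => 'deviceConfiguration', 'displayName' => 'Baseline'],
    ['payloadId' => 'src-2', 'itemType' => 'mobileApp', 'displayName' => 'VPN Client'],
];
$inventory = [['id' => 'tgt-9', 'type' => 'deviceConfiguration', 'displayName' => 'Baseline']];
echo json_encode(buildLinkingReport($items, [], $inventory), JSON_PRETTY_PRINT), PHP_EOL;
```

With this sample, the first item resolves to `tgt-9`, the second is reported as `missing` with its type and name, and `executable` is `false`, so the preview blocks execution.
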

Success Criteria

  • SC-001: Policy Sets are visible and backed up.
  • SC-002: Preview makes missing dependencies obvious.
  • SC-003: If enabled, execution links only safe, mapped items.