TenantAtlas/specs/029-wip-policies/spec.md
ahmido 602195324b spec/024-additional-intune-types (#28)
specs for additional intune types

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #28
2026-01-04 02:27:44 +00:00


Feature Specification: Windows Information Protection (WIP) Policies (029)

Feature Branch: feat/029-wip-policies
Created: 2026-01-04
Status: Draft
Priority: P2

Context

Some tenants rely on WIP (MAM/WIP). These policies live under deviceAppManagement and should be treated as first-class objects for backup/restore.

User Scenarios & Testing

User Story 1 — Inventory shows WIP policies separately (Priority: P1)

As an admin, I can see WIP policies as their own types (not mixed into generic MAM policies).

Acceptance Scenarios

  1. Sync lists WIP policies from Graph and stores them as windowsInformationProtectionPolicy.
  2. Sync lists MDM WIP policies and stores them as mdmWindowsInformationProtectionPolicy.

User Story 2 — Backup + restore (Priority: P2)

As an admin, I can back up and restore WIP policies with assignments safely.

Acceptance Scenarios

  1. Snapshot capture stores the full policy payload and assignments.
  2. Restore execution uses the correct derived entity set endpoint for create/update.

Requirements

Functional Requirements

  • FR-001: Add policy types:
    • windowsInformationProtectionPolicy → deviceAppManagement/windowsInformationProtectionPolicies
    • mdmWindowsInformationProtectionPolicy → deviceAppManagement/mdmWindowsInformationProtectionPolicies
  • FR-002: Capture full payload + assignments.
  • FR-003: Restore supports create/update with contract-driven sanitization and assignment apply.
  • FR-004: Add normalized display for key WIP fields (protected apps/identities, enforcement level, exemptions, etc.).
  • FR-005: Add Pest tests for sync + snapshot + restore preview/execution.
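
One way the restore preview behind FR-001 and FR-003 could resolve the derived entity set endpoint and sanitize a snapshot, as an added example that is not TenantAtlas code. The type names and endpoints come from FR-001; `plan_restore`, the `READ_ONLY` list and the snapshot shape are assumptions made for this illustration.

```python
# Added example, not TenantAtlas code. Type names and endpoints are from FR-001;
# READ_ONLY and the snapshot shape are assumptions made for this illustration.
ENDPOINTS = {
    "windowsInformationProtectionPolicy":
        "deviceAppManagement/windowsInformationProtectionPolicies",
    "mdmWindowsInformationProtectionPolicy":
        "deviceAppManagement/mdmWindowsInformationProtectionPolicies",
}
ODATA_PREFIX = "#microsoft.graph."
# Assumed contract: server-managed properties that must not be sent back.
READ_ONLY = {"id", "createdDateTime", "lastModifiedDateTime", "version", "isAssigned"}


def plan_restore(snapshot, existing_id=None):
    """Build an auditable restore plan without calling Graph (preview step)."""
    payload = snapshot["payload"]
    odata_type = payload.get("@odata.type", "")
    policy_type = odata_type[len(ODATA_PREFIX):] if odata_type.startswith(ODATA_PREFIX) else ""
    if policy_type not in ENDPOINTS:
        # Fail closed: an unknown type is never sent to a generic MAM endpoint.
        raise ValueError(f"unsupported policy type: {odata_type!r}")
    # Keep @odata.type so the right derived entity is created; drop other
    # OData annotations, read-only fields and any embedded assignments.
    body = {
        key: value for key, value in payload.items()
        if key == "@odata.type"
        or (key not in READ_ONLY and "@odata." not in key and key != "assignments")
    }
    # Assignment ids belong to the source policy; only the targets are reapplied.
    assignments = [{"target": a["target"]} for a in snapshot.get("assignments", [])]
    path = ENDPOINTS[policy_type]
    if existing_id is None:
        return {"method": "POST", "path": path, "body": body, "assignments": assignments}
    return {"method": "PATCH", "path": f"{path}/{existing_id}", "body": body,
            "assignments": assignments}


# Constructed sample snapshot (not real tenant data).
SAMPLE = {
    "payload": {
        "@odata.type": "#microsoft.graph.mdmWindowsInformationProtectionPolicy",
        "@odata.context": "constructed-context",
        "id": "constructed-id-1",
        "version": "1",
        "displayName": "WIP - enrolled devices",
        "enforcementLevel": "encryptAuditAndBlock",
    },
    "assignments": [{"id": "constructed-assignment-1",
                     "target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
                                "groupId": "constructed-group-id"}}],
}
```

The returned plan is plain data, so the same structure can be shown in the restore preview and written to the audit log before anything is sent.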

Success Criteria

  • SC-001: WIP policies appear and can be backed up.
  • SC-002: Restore preview/execution uses correct endpoints and is auditable.