ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a6ab36aca4
TenantAtlas/specs/023-endpoint-security-restore/tasks.md
ahmido 69d98e925c feat/018-driver-updates-wufb (#27) 
Tenants: Tenant anlegen/öffnen → tenant_id, app_client_id, app_client_secret setzen → Make current (wichtig).
Inventory → Policies: oben Sync from Intune.
In der Tabelle nach Type = “Driver Updates (Windows)” (windowsDriverUpdateProfile) filtern und Policy öffnen.
Auf der Policy: Settings-Tab prüfen (Block „Driver Update Profile“), dann Capture snapshot klicken und unter Versions die Version ansehen.
Restore-Test (nur im Test-Tenant!): Version öffnen → Restore to Intune erst als Dry-run, dann Execute; danach unter Backups & Restore → Restore Runs Ergebnis prüfen (soll graph_path mit deviceManagement/windowsDriverUpdateProfiles/... zeigen).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #27
2026-01-04 00:38:54 +00:00

38 lines
2.1 KiB
Markdown
Raw Blame History

# Tasks: Endpoint Security Policy Restore (023)
**Branch**: `feat/023-endpoint-security-restore`
**Date**: 2026-01-03
**Input**: [spec.md](./spec.md), [plan.md](./plan.md)
## Phase 1: Setup
- [x] T001 Create spec/plan/tasks and checklist.
## Phase 2: Inventory & Design
- [x] T002 Confirm current restore mode + code paths for `endpointSecurityPolicy` (`config/tenantpilot.php`, restore services).
- [x] T003 Decide template resolution strategy (ID vs family/display name) and required Graph calls.
- [x] T004 Define settings instance validation rules (warning vs block) for restore preview/execution.
## Phase 3: Tests (TDD)
- [x] T005 Add feature tests for restore execution create/update for `endpointSecurityPolicy`.
- [x] T006 Add feature tests for preview warnings when template is missing.
- [x] T007 Add feature tests asserting restore execution fails gracefully when template is missing.
- [x] T008 Add tests for settings validation failure paths (invalid/unknown settings instances).
- [x] T009 Add feature tests asserting assignments are applied for endpoint security policies.
## Phase 4: Implementation
- [x] T010 Enable restore for `endpointSecurityPolicy` in `config/tenantpilot.php`.
- [x] T011 Implement template existence validation in restore preview and execution gating.
- [x] T012 Implement settings instance validation against resolved template definitions.
- [x] T013 Implement template mapping (if required) and ensure restore payload uses mapped template reference.
- [x] T014 Ensure restore applies assignments for endpoint security policies using existing mapping logic.
## Phase 5: Verification
- [x] T015 Run targeted tests.
- [x] T016 Run Pint (`./vendor/bin/pint --dirty`).
## Phase 6: Hardening (Incident-driven)
- [x] T017 Default unknown policy types to `preview-only` to avoid invalid Graph endpoints.
- [x] T018 Harden endpoint resolution fallback for configuration policy types (avoid `deviceManagement/{policyType}`).
- [x] T019 Surface Graph method/path in RestoreRun Results for faster debugging.
- [x] T020 Strip non-patchable fields for `endpointSecurityIntent` PATCH (`isAssigned`, `templateId`, `isMigratingToConfigurationPolicy`).
Reference in New Issue View Git Blame Copy Permalink