TenantAtlas/specs/026-custom-compliance-scripts/spec.md
ahmido 602195324b spec/024-additional-intune-types (#28)
specs for additional intune types

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #28
2026-01-04 02:27:44 +00:00


# Feature Specification: Custom Compliance Scripts (Windows) (026)
**Feature Branch**: `feat/026-custom-compliance-scripts`

**Created**: 2026-01-04

**Status**: Draft

**Priority**: P1
## Context
Windows Custom Compliance is widely used. Without `deviceComplianceScripts`, backup/restore for compliance posture is incomplete. Restore must include assignments.
## User Scenarios & Testing
### User Story 1 — Inventory + view compliance scripts (Priority: P1)
As an admin, I can see Custom Compliance Scripts in inventory and view their script/config in a readable way.
**Acceptance Scenarios**
1. Given device compliance scripts exist, sync shows them as type `deviceComplianceScript`.
2. Detail view shows key settings (runAsAccount, enforceSignatureCheck, runAs32Bit) and the script content, subject to the bounded, safe display rules in NFR-001.
### User Story 2 — Backup + versioning (Priority: P1)
As an admin, I can capture versions/backups of compliance scripts so I can diff changes.
**Acceptance Scenarios**
1. Snapshot capture stores the full payload including `detectionScriptContent`.
2. Diff highlights script changes and operational flags.
### User Story 3 — Restore preview + execution (Priority: P1)
As an admin, I can restore a compliance script and its assignments defensively.
**Acceptance Scenarios**
1. Preview shows create/update + restore mode and warnings.
2. Execution strips read-only fields and re-encodes script content correctly.
3. Assignments are applied via Graph assign action.
## Requirements
### Functional Requirements
- **FR-001**: Add policy type `deviceComplianceScript` backed by Graph `deviceManagement/deviceComplianceScripts` (beta).
- **FR-002**: Snapshot stores full payload (including `detectionScriptContent`) and assignments.
- **FR-003**: Restore supports create/update with contract-driven sanitization.
- **FR-004**: Restore applies assignments (`/assign`) and records audit logs.
- **FR-005**: Add normalized display support for key fields and script content (with safety limits).
- **FR-006**: Add Pest tests for sync + snapshot + preview + execution.
### Non-Functional Requirements
- **NFR-001**: Script content must never be logged; UI display must be bounded (config-driven).
- **NFR-002**: Preview-only fallback when Graph returns unexpected shapes or missing contracts.
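FR-003, FR-004's audit logging and NFR-001/NFR-002 together, as an added Python illustration; this is not the project's own code, and the read-only/writable field contract and the sample snapshot are assumptions constructed for the example:

```python
import base64
import hashlib

# Contract assumption (not the project's real contract): Graph-owned vs writable fields.
READ_ONLY_FIELDS = {"id", "createdDateTime", "lastModifiedDateTime", "version"}
WRITABLE_FIELDS = {"displayName", "description", "publisher", "runAsAccount",
                   "enforceSignatureCheck", "runAs32Bit", "roleScopeTagIds"}
SCRIPT_FIELD = "detectionScriptContent"  # Graph Binary: base64 text in JSON

def sanitize_for_restore(snapshot: dict) -> dict:
    """Build the create/update body: drop read-only fields, keep only contract
    fields, re-encode the script body canonically. Raises ValueError on an
    unexpected shape so the caller can fall back to preview-only (NFR-002)."""
    if not isinstance(snapshot, dict) or SCRIPT_FIELD not in snapshot:
        raise ValueError("unexpected snapshot shape: missing detectionScriptContent")
    payload = {k: v for k, v in snapshot.items()
               if k in WRITABLE_FIELDS and k not in READ_ONLY_FIELDS}
    try:
        raw = base64.b64decode(snapshot[SCRIPT_FIELD], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("detectionScriptContent is not valid base64") from exc
    payload[SCRIPT_FIELD] = base64.b64encode(raw).decode("ascii")
    return payload

def redact_for_audit(payload: dict) -> dict:
    """Audit-log view of a restore body (NFR-001): the script body is replaced by
    its byte length and SHA-256, so a change stays traceable without logging it."""
    safe = dict(payload)
    raw = base64.b64decode(safe.pop(SCRIPT_FIELD))
    safe["detectionScriptSha256"] = hashlib.sha256(raw).hexdigest()
    safe["detectionScriptBytes"] = len(raw)
    return safe

# Constructed sample snapshot, shaped like a Graph beta deviceComplianceScript.
SCRIPT_TEXT = ("$r = @{ BitLocker = (Get-BitLockerVolume -MountPoint 'C:')"
               ".ProtectionStatus -eq 'On' }; $r | ConvertTo-Json -Compress")
SAMPLE_SNAPSHOT = {
    "id": "00000000-0000-0000-0000-000000000000",  # placeholder id
    "displayName": "BitLocker on C:",
    "version": "3",
    "createdDateTime": "2026-01-01T00:00:00Z",
    "lastModifiedDateTime": "2026-01-03T00:00:00Z",
    "runAsAccount": "system",
    "enforceSignatureCheck": False,
    "runAs32Bit": False,
    SCRIPT_FIELD: base64.b64encode(SCRIPT_TEXT.encode()).decode("ascii"),
}
```

The same redacted view can feed the restore preview, so the operator sees which fields and which script hash will be sent without the content ever reaching a log line.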
## Success Criteria
- **SC-001**: Custom compliance scripts appear in inventory and backups.
- **SC-002**: Restore execution works and assignments are applied.