TenantAtlas/specs/017-policy-types-mam-endpoint-security-baselines/tasks.md
ahmido 412dd7ad66 feat/017-policy-types-mam-endpoint-security-baselines (#23)
Hydrate configurationPolicies/{id}/settings for endpoint security/baseline policies so snapshots include real rule data.
Treat those types like Settings Catalog policies in the normalizer so they show the searchable settings table, recognizable categories, and readable choice values (firewall-specific formatting + interface badge parsing).
Improve “General” tab cards: badge lists for platforms/technologies, template reference summary (name/family/version/ID), and ISO timestamps rendered as YYYY‑MM‑DD HH:MM:SS; added regression test for the view.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #23
2026-01-03 02:06:35 +00:00

Tasks: Policy Types (MAM App Config + Endpoint Security Policies + Security Baselines) (017)

Branch: feat/017-policy-types-mam-endpoint-security-baselines | Date: 2026-01-02 | Input: spec.md, plan.md

Phase 1: Setup

  • T001 Create spec/plan/tasks and checklist.

Phase 2: Inventory & Design

  • T002 Inventory existing policy types and identify missing graph resources.
  • T003 Decide type keys + restore modes for: app config, endpoint security policies, security baselines.

Phase 3: Tests (TDD)

  • T004 Add tests for policy sync listing new types (mamAppConfiguration, endpointSecurityPolicy, securityBaselinePolicy).
  • T005 Add tests for backup capture creating backup items for new types (mamAppConfiguration, endpointSecurityPolicy, securityBaselinePolicy).
  • T006 Add tests for restore preview for new types (at least preview-only for endpointSecurityPolicy, securityBaselinePolicy).

Phase 4: Implementation

  • T007 Add new types to config/tenantpilot.php.
  • T008 Add new graph contracts to config/graph_contracts.php.
  • T009 Implement any required snapshot/capture/restore handling.

Phase 4b: Follow-up (MAM Device App Config)

  • T012 Add managed device app configurations (mobileAppConfigurations) to supported types + graph contracts + sync test.

Phase 5: Verification

  • T010 Run targeted tests.
  • T011 Run Pint (./vendor/bin/pint --dirty).

Phase 5b: UI Polish

  • T013 Render Enabled/Disabled-like string values as badges in settings views for consistent UI.

Phase 4c: Bugfix

  • T014 Ensure configuration policy list sync selects technologies/templateReference so Endpoint Security + Baselines can be classified.

Phase 4d: UX Debuggability

  • T015 Show per-type sync failures in Policy sync UI so 0-synced cases are actionable.

Phase 4e: Bugfix (Graph OData)

  • T016 Fix configuration policy list sync $select to avoid unsupported version field (Graph 400).

Phase 4f: Bugfix (Enrollment OData)

  • T017 Fix ESP (windowsEnrollmentStatusPage) sync filter to avoid Graph 400 "Invalid filter PropertyName".

Phase 4g: Bugfix (Endpoint Security Classification)

  • T018 Fix endpoint security configuration policies being misclassified as settings catalog when technologies=mdm.

Phase 4h: Bugfix (Graph Pagination)

  • T019 Paginate Graph list responses so Endpoint Security policies on page 2+ are synced.

Phase 4i: Feature (Endpoint Security Settings Display)

  • T020 Hydrate configurationPolicies/{id}/settings for endpointSecurityPolicy + securityBaselinePolicy snapshots.
  • T021 Render Endpoint Security + Baselines via Settings Catalog normalizer/table (diff + UI).
  • T022 Prettify Endpoint Security template settings (use templateReference.templateDisplayName as fallback category + nicer Firewall rule labels/values).
  • T023 Improve Policy General tab cards (template reference summary, badges, readable timestamps).