This PR completes Feature 014 (Enrollment & Autopilot).
Adds normalization for:
- Autopilot deployment profiles (windowsAutopilotDeploymentProfile)
- Enrollment Status Page / ESP (windowsEnrollmentStatusPage)
- Enrollment Restrictions (enrollmentRestriction, restore remains preview-only)
Improves settings readability:
- Autopilot OOBE settings are expanded into readable key/value entries
- Enrollment restriction platform restrictions are shown as explicit fields (with sensible defaults)
- Array/list values render as badges (avoids Blade rendering crashes on non-string values)
Fixes enrollment configuration type collisions during sync:
- Canonical type resolution prevents enrollmentRestriction from “claiming” ESP items
- Safe reclassification updates existing wrong rows instead of skipping
Enhances reclassification command:
- Can detect ESP even if a policy has no local versions (fetches snapshot from Graph)
- Dry-run by default; apply with --write
Tests
- Added/updated unit + Filament feature tests for normalization and UI rendering.
- Preview-only enforcement for enrollment restrictions is covered.
- Targeted test suite and Pint are green.
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #20
Feature Specification: Enrollment & Autopilot
Feature Branch: 014-enrollment-autopilot
Created: 2026-01-01
Status: Draft
Input: User description: "Improve enrollment and Autopilot configuration safety by adding readable normalized settings, reliable snapshot capture, and safe restore behavior for enrollment restrictions, enrollment status page, and Autopilot deployment profiles."
User Scenarios & Testing (mandatory)
User Story 1 - Restore Autopilot/ESP safely (Priority: P1)
As an admin, I want to restore Autopilot deployment profiles and the Enrollment Status Page configuration from saved snapshots so I can recover enrollment readiness after changes.
Why this priority: Enrollment misconfiguration blocks device onboarding; fast recovery is critical.
Independent Test: Can be tested by restoring one Autopilot profile and one Enrollment Status Page item from snapshots into a target tenant and verifying they match the snapshot.
Acceptance Scenarios:
- Given a saved Autopilot deployment profile snapshot and a target tenant where the profile is missing, When I restore it, Then a new profile is created and restore reports success.
- Given a saved Enrollment Status Page snapshot and a target tenant where the item exists with differences, When I restore it, Then the configuration is updated to match the snapshot and restore reports success.
User Story 2 - Restore behavior is explicit for high-risk enrollment restrictions (Priority: P2)
As an admin, I want high-risk enrollment restrictions to be handled explicitly (preview-only unless intentionally enabled) so I do not accidentally break enrollment flows.
Why this priority: Enrollment restrictions can lock out device onboarding; accidental changes are high impact.
Independent Test: Can be tested by attempting restore of an enrollment restriction item and verifying the system does not apply changes when it is configured as preview-only.
Acceptance Scenarios:
- Given an enrollment restriction snapshot and enrollment restrictions are configured as preview-only, When I run restore execution, Then the system skips applying changes and records a result indicating preview-only behavior.
User Story 3 - Readable normalized settings (Priority: P3)
As an admin, I want to view readable normalized settings for Autopilot and Enrollment configurations so I can understand what will happen during device onboarding.
Why this priority: Enrollment troubleshooting is faster when key settings are visible and consistent.
Independent Test: Can be tested by opening a version details page and confirming a stable normalized settings view is present and readable.
Acceptance Scenarios:
- Given a saved Autopilot/ESP snapshot, When I view the policy version, Then I see a normalized settings view that highlights key enrollment-relevant fields.
Edge Cases
- Autopilot or ESP configuration in the target tenant is missing: system must create or clearly fail with an actionable reason.
- Restoring Enrollment Status Page items must not silently drop settings; failures must be explicit.
- Enrollment restrictions remain preview-only unless explicitly enabled by product decision; execution must not apply them by default.
- Assignments (if present for these types) that cannot be mapped must be reported as manual-required.
Requirements (mandatory)
Functional Requirements
- FR-001: System MUST support listing and viewing enrollment and Autopilot configuration items for the supported types.
- FR-002: System MUST capture snapshots for these configuration items that are sufficient for later restore.
- FR-003: System MUST support restore for Autopilot deployment profiles and Enrollment Status Page configuration.
- FR-004: System MUST treat enrollment restrictions as high risk and default them to preview-only behavior unless explicitly enabled.
- FR-005: System MUST present a readable normalized settings view for these configuration items and their versions.
- FR-006: System MUST prevent restore execution if the snapshot type does not match the target item type.
- FR-007: System MUST record audit entries for restore preview and restore execution attempts.
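One way the restore gate implied by FR-003, FR-004, FR-006 and FR-007 could be written, as an added example that is not the project's own code. The function name, result strings and audit fields are hypothetical; only the three type keys come from this page.

```php
<?php
declare(strict_types=1);

// Hypothetical names; the type keys are the ones listed in this page's PR summary.
const RESTORABLE_TYPES = ['windowsAutopilotDeploymentProfile', 'windowsEnrollmentStatusPage'];
const PREVIEW_ONLY_TYPES = ['enrollmentRestriction'];

/**
 * Decide what a restore request may do and audit every attempt.
 * $targetType is null when the item is missing in the target tenant.
 * $enabledHighRisk lists preview-only types explicitly enabled; empty by default.
 */
function decideRestore(string $snapshotType, ?string $targetType, bool $execute,
                       array &$audit, array $enabledHighRisk = []): array
{
    $known = in_array($snapshotType, RESTORABLE_TYPES, true)
        || in_array($snapshotType, PREVIEW_ONLY_TYPES, true);
    $previewOnly = in_array($snapshotType, PREVIEW_ONLY_TYPES, true)
        && !in_array($snapshotType, $enabledHighRisk, true);

    if (!$known) {
        $result = ['blocked', 'unsupported_type'];      // fail closed on unknown types
    } elseif ($targetType !== null && $targetType !== $snapshotType) {
        $result = ['blocked', 'type_mismatch'];         // FR-006
    } elseif (!$execute) {
        $result = ['preview', 'preview_requested'];
    } elseif ($previewOnly) {
        $result = ['skipped', 'preview_only'];          // FR-004
    } else {
        $result = [$targetType === null ? 'create' : 'update', 'ok']; // FR-003
    }

    // FR-007: previews, skips and blocks are audited as well as applied restores.
    $audit[] = ['snapshot_type' => $snapshotType, 'target_type' => $targetType,
                'execute' => $execute, 'action' => $result[0], 'reason' => $result[1]];
    return ['action' => $result[0], 'reason' => $result[1]];
}

// Constructed requests: [snapshot type, target type (null = missing), execute?]
$audit = [];
$requests = [
    ['windowsAutopilotDeploymentProfile', null, true],
    ['windowsEnrollmentStatusPage', 'windowsEnrollmentStatusPage', true],
    ['enrollmentRestriction', 'enrollmentRestriction', true],
    ['enrollmentRestriction', 'windowsEnrollmentStatusPage', true],
];
foreach ($requests as [$snapshotType, $targetType, $execute]) {
    $r = decideRestore($snapshotType, $targetType, $execute, $audit);
    printf("%-34s -> %s (%s)\n", $snapshotType, $r['action'], $r['reason']);
}
printf("audit entries: %d\n", count($audit));
```

The type check runs before the preview-only check, so a mismatched snapshot is blocked even for a type that has been explicitly enabled.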
Key Entities (include if feature involves data)
- Autopilot Deployment Profile: A configuration object that defines device provisioning behavior during Autopilot.
- Enrollment Status Page Configuration: A configuration object that defines the onboarding status experience during enrollment.
- Enrollment Restriction: A high-risk configuration object that can block or constrain enrollment.
- Snapshot: An immutable capture of a configuration object at a point in time.
Success Criteria (mandatory)
Measurable Outcomes
- SC-001: An admin can complete a restore preview for a single Autopilot/ESP item in under 1 minute.
- SC-002: In a test tenant, restoring Autopilot deployment profiles and Enrollment Status Page results in configurations matching the snapshot for 100% of supported items.
- SC-003: Enrollment restrictions remain non-executable by default (preview-only) with clear status reporting in 100% of attempts.
- SC-004: Normalized settings views for these items are stable and readable (same snapshot yields identical normalized output).