ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
cb3da561ef
TenantAtlas/specs/025-policy-sets/spec.md
ahmido 602195324b spec/024-additional-intune-types (#28) 
specs for additional intune types

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #28
2026-01-04 02:27:44 +00:00

52 lines
2.6 KiB
Markdown
Raw Blame History

# Feature Specification: Policy Sets (Intune native bundling) (025)
**Feature Branch**: `feat/025-policy-sets`
**Created**: 2026-01-04
**Status**: Draft
**Priority**: P1
## Context
Policy Sets are an Intune-native way to bundle multiple policies/apps into a deployable set. For tenants that rely on Policy Sets, “Tenant-as-Code” is incomplete without at least inventory + backup and a restore preview that highlights missing links.
## User Scenarios & Testing
### User Story 1 — Inventory + view Policy Sets (Priority: P1)
As an admin, I can see Policy Sets and inspect their composition (items) and assignments.
**Acceptance Scenarios**
1. Given a tenant uses Policy Sets, when I sync policies, then Policy Sets appear as type `policySet`.
2. Given a Policy Set, when I view details, then I see a readable list of included items and assignments.
### User Story 2 — Backup + version history (Priority: P1)
As an admin, I can capture immutable snapshots of Policy Sets (including items) and diff versions.
**Acceptance Scenarios**
1. Given a Policy Set, when I add it to a backup set, then the snapshot includes items and assignments (as supported by Graph).
2. Given two versions, diffs highlight changed items and assignment targets.
### User Story 3 — Restore preview (linking) (Priority: P1)
As an admin, I can run a restore preview that explains which Policy Set items can be linked in the target tenant and which are missing.
**Acceptance Scenarios**
1. Given a Policy Set snapshot referencing policies/apps by ID, when I run preview, then TenantPilot reports missing vs resolvable items.
2. Given missing referenced objects, preview warns and blocks execution unless resolved.
## Requirements
### Functional Requirements
- **FR-001**: Add policy type `policySet` backed by Graph `deviceAppManagement/policySets`.
- **FR-002**: Capture Policy Set payload + `items` subresource (and assignments if applicable).
- **FR-003**: Restore preview MUST validate referenced IDs and provide a linking report.
- **FR-004**: Restore execution is allowed only when all referenced items can be mapped safely (or stays preview-only initially).
- **FR-005**: Add Pest tests for sync + snapshot + preview linking report.
### Non-Functional Requirements
- **NFR-001**: No destructive writes without explicit confirmation and audit logs.
- **NFR-002**: Linking errors must be actionable (show which item is missing and why).
## Success Criteria
- **SC-001**: Policy Sets are visible and backed up.
- **SC-002**: Preview makes missing dependencies obvious.
- **SC-003**: If enabled, execution links only safe, mapped items.
Reference in New Issue View Git Blame Copy Permalink