ahmido
6a1809fbe9
This PR completes Feature 014 (Enrollment & Autopilot). Adds normalization for: Autopilot deployment profiles (windowsAutopilotDeploymentProfile) Enrollment Status Page / ESP (windowsEnrollmentStatusPage) Enrollment Restrictions (enrollmentRestriction, restore remains preview-only) Improves settings readability: Autopilot OOBE settings are expanded into readable key/value entries Enrollment restriction platform restrictions are shown as explicit fields (with sensible defaults) Array/list values render as badges (avoids Blade rendering crashes on non-string values) Fixes enrollment configuration type collisions during sync: Canonical type resolution prevents enrollmentRestriction from “claiming” ESP items Safe reclassification updates existing wrong rows instead of skipping Enhances reclassification command: Can detect ESP even if a policy has no local versions (fetches snapshot from Graph) Dry-run by default; apply with --write Tests Added/updated unit + Filament feature tests for normalization and UI rendering. Preview-only enforcement for enrollment restrictions is covered. Targeted test suite and Pint are green. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #20
227 lines
7.9 KiB
PHP
227 lines
7.9 KiB
PHP
<?php
|
|
|
|
return [
|
|
'supported_policy_types' => [
|
|
[
|
|
'type' => 'deviceConfiguration',
|
|
'label' => 'Device Configuration',
|
|
'category' => 'Configuration',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/deviceConfigurations',
|
|
'filter' => "not isof('microsoft.graph.windowsUpdateForBusinessConfiguration')",
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'groupPolicyConfiguration',
|
|
'label' => 'Administrative Templates',
|
|
'category' => 'Configuration',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/groupPolicyConfigurations',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'settingsCatalogPolicy',
|
|
'label' => 'Settings Catalog Policy',
|
|
'category' => 'Configuration',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/configurationPolicies',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'windowsUpdateRing',
|
|
'label' => 'Software Update Ring',
|
|
'category' => 'Update Management',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/deviceConfigurations',
|
|
'filter' => "isof('microsoft.graph.windowsUpdateForBusinessConfiguration')",
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium-high',
|
|
],
|
|
[
|
|
'type' => 'windowsFeatureUpdateProfile',
|
|
'label' => 'Feature Updates (Windows)',
|
|
'category' => 'Update Management',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/windowsFeatureUpdateProfiles',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'high',
|
|
],
|
|
[
|
|
'type' => 'windowsQualityUpdateProfile',
|
|
'label' => 'Quality Updates (Windows)',
|
|
'category' => 'Update Management',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/windowsQualityUpdateProfiles',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'high',
|
|
],
|
|
[
|
|
'type' => 'deviceCompliancePolicy',
|
|
'label' => 'Device Compliance',
|
|
'category' => 'Compliance',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/deviceCompliancePolicies',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'appProtectionPolicy',
|
|
'label' => 'App Protection (MAM)',
|
|
'category' => 'Apps/MAM',
|
|
'platform' => 'mobile',
|
|
'endpoint' => 'deviceAppManagement/managedAppPolicies',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium-high',
|
|
],
|
|
[
|
|
'type' => 'conditionalAccessPolicy',
|
|
'label' => 'Conditional Access',
|
|
'category' => 'Conditional Access',
|
|
'platform' => 'all',
|
|
'endpoint' => 'identity/conditionalAccess/policies',
|
|
'backup' => 'full',
|
|
'restore' => 'preview-only',
|
|
'risk' => 'high',
|
|
],
|
|
[
|
|
'type' => 'deviceManagementScript',
|
|
'label' => 'PowerShell Scripts',
|
|
'category' => 'Scripts',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/deviceManagementScripts',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'deviceShellScript',
|
|
'label' => 'macOS Shell Scripts',
|
|
'category' => 'Scripts',
|
|
'platform' => 'macOS',
|
|
'endpoint' => 'deviceManagement/deviceShellScripts',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'deviceHealthScript',
|
|
'label' => 'Proactive Remediations',
|
|
'category' => 'Scripts',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/deviceHealthScripts',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'windowsAutopilotDeploymentProfile',
|
|
'label' => 'Windows Autopilot Profiles',
|
|
'category' => 'Autopilot',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/windowsAutopilotDeploymentProfiles',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium-high',
|
|
],
|
|
[
|
|
'type' => 'windowsEnrollmentStatusPage',
|
|
'label' => 'Enrollment Status Page (ESP)',
|
|
'category' => 'Enrollment',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
|
|
'filter' => "isof('microsoft.graph.windows10EnrollmentCompletionPageConfiguration')",
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'medium',
|
|
],
|
|
[
|
|
'type' => 'enrollmentRestriction',
|
|
'label' => 'Enrollment Restrictions',
|
|
'category' => 'Enrollment',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
|
|
'backup' => 'full',
|
|
'restore' => 'preview-only',
|
|
'risk' => 'high',
|
|
],
|
|
[
|
|
'type' => 'endpointSecurityIntent',
|
|
'label' => 'Endpoint Security Intents',
|
|
'category' => 'Endpoint Security',
|
|
'platform' => 'windows',
|
|
'endpoint' => 'deviceManagement/intents',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'high',
|
|
],
|
|
[
|
|
'type' => 'mobileApp',
|
|
'label' => 'Applications (Metadata only)',
|
|
'category' => 'Applications',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceAppManagement/mobileApps',
|
|
'backup' => 'metadata-only',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low-medium',
|
|
],
|
|
],
|
|
|
|
'foundation_types' => [
|
|
[
|
|
'type' => 'assignmentFilter',
|
|
'label' => 'Assignment Filter',
|
|
'category' => 'Foundations',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/assignmentFilters',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low',
|
|
],
|
|
[
|
|
'type' => 'roleScopeTag',
|
|
'label' => 'Scope Tag',
|
|
'category' => 'Foundations',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/roleScopeTags',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low',
|
|
],
|
|
[
|
|
'type' => 'notificationMessageTemplate',
|
|
'label' => 'Notification Message Template',
|
|
'category' => 'Foundations',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/notificationMessageTemplates',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low',
|
|
],
|
|
],
|
|
|
|
'features' => [
|
|
'conditional_access' => true,
|
|
],
|
|
|
|
'bulk_operations' => [
|
|
'chunk_size' => (int) env('TENANTPILOT_BULK_CHUNK_SIZE', 10),
|
|
'poll_interval_seconds' => (int) env('TENANTPILOT_BULK_POLL_INTERVAL_SECONDS', 3),
|
|
],
|
|
|
|
'display' => [
|
|
'show_script_content' => (bool) env('TENANTPILOT_SHOW_SCRIPT_CONTENT', false),
|
|
'max_script_content_chars' => (int) env('TENANTPILOT_MAX_SCRIPT_CONTENT_CHARS', 5000),
|
|
],
|
|
];
|