ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
cd73d7e944
TenantAtlas/specs/017-policy-types-mam-endpoint-security-baselines/spec.md
Ahmed Darrazi cd73d7e944 spec: policy types 017
2026-01-03 02:55:35 +01:00

2.3 KiB
Raw Blame History

Feature Specification: Policy Types (MAM App Config + Endpoint Security Policies + Security Baselines) (017)

Feature Branch: feat/017-policy-types-mam-endpoint-security-baselines Created: 2026-01-02 Status: Draft

User Scenarios & Testing

User Story 1 — MAM App Config backup & restore (Priority: P1)

As an admin, I want Managed App Configuration policies (App Config) to be inventoried, backed up, and restorable, so I can safely manage MAM configurations (Outlook, Teams, Edge, OneDrive, etc.) at scale.

This includes both:

  • App configuration (app-targeted) via deviceAppManagement/targetedManagedAppConfigurations
  • App configuration (managed device) via deviceAppManagement/mobileAppConfigurations

Acceptance Scenarios

  1. Given a tenant with App Config policies, when I sync policies, then I can see them in the policy inventory with correct type labels.
  2. Given a policy, when I add it to a backup set, then it is captured and a backup item is created.
  3. Given a backup item, when I start a restore preview, then I can see a safe preview of changes.

User Story 2 — Endpoint Security policies (not only intents) (Priority: P1)

As an admin, I want Endpoint Security policies (Firewall/Defender/ASR/BitLocker etc.) supported, so the Windows security core can be backed up and restored.

Acceptance Scenarios

  1. Given Endpoint Security policies exist, sync shows them as their own policy type.
  2. Backup captures them successfully.

User Story 3 — Security baselines (Priority: P1)

As an admin, I want Security Baselines supported because they are commonly used and are expected in a complete solution.

Acceptance Scenarios

  1. Given baseline policies exist, sync shows them.
  2. Backup captures them.

Requirements

Functional Requirements

  • FR-001: Add support for Managed App Configuration policies.
  • FR-002: Add support for Endpoint Security policies beyond intents.
  • FR-003: Add support for Security Baselines.
  • FR-004: Each new type must integrate with: inventory, backup, restore preview, and (where safe) restore execution.
  • FR-005: Changes must be covered by automated tests.

Success Criteria

  • SC-001: New policy types appear in inventory & picker.
  • SC-002: Backup/restore preview works for new types.
  • SC-003: No regressions in existing policy flows.