ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
cd73d7e944
TenantAtlas/specs/017-policy-types-mam-endpoint-security-baselines/tasks.md
Ahmed Darrazi cd73d7e944 spec: policy types 017
2026-01-03 02:55:35 +01:00

3.0 KiB
Raw Blame History

Tasks: Policy Types (MAM App Config + Endpoint Security Policies + Security Baselines) (017)

Branch: feat/017-policy-types-mam-endpoint-security-baselines Date: 2026-01-02 Input: spec.md, plan.md

Phase 1: Setup

  • T001 Create spec/plan/tasks and checklist.

Phase 2: Inventory & Design

  • T002 Inventory existing policy types and identify missing graph resources.
  • T003 Decide type keys + restore modes for: app config, endpoint security policies, security baselines.

Phase 3: Tests (TDD)

  • T004 Add tests for policy sync listing new types (mamAppConfiguration, endpointSecurityPolicy, securityBaselinePolicy).
  • T005 Add tests for backup capture creating backup items for new types (mamAppConfiguration, endpointSecurityPolicy, securityBaselinePolicy).
  • T006 Add tests for restore preview for new types (at least preview-only for endpointSecurityPolicy, securityBaselinePolicy).

Phase 4: Implementation

  • T007 Add new types to config/tenantpilot.php.
  • T008 Add new graph contracts to config/graph_contracts.php.
  • T009 Implement any required snapshot/capture/restore handling.

Phase 4b: Follow-up (MAM Device App Config)

  • T012 Add managed device app configurations (mobileAppConfigurations) to supported types + graph contracts + sync test.

Phase 5: Verification

  • T010 Run targeted tests.
  • T011 Run Pint (./vendor/bin/pint --dirty).

Phase 5b: UI Polish

  • T013 Render Enabled/Disabled-like string values as badges in settings views for consistent UI.

Phase 4c: Bugfix

  • T014 Ensure configuration policy list sync selects technologies/templateReference so Endpoint Security + Baselines can be classified.

Phase 4d: UX Debuggability

  • T015 Show per-type sync failures in Policy sync UI so 0-synced cases are actionable.

Phase 4e: Bugfix (Graph OData)

  • T016 Fix configuration policy list sync $select to avoid unsupported version field (Graph 400).

Phase 4f: Bugfix (Enrollment OData)

  • T017 Fix ESP (windowsEnrollmentStatusPage) sync filter to avoid Graph 400 "Invalid filter PropertyName".

Phase 4g: Bugfix (Endpoint Security Classification)

  • T018 Fix endpoint security configuration policies being misclassified as settings catalog when technologies=mdm.

Phase 4h: Bugfix (Graph Pagination)

  • T019 Paginate Graph list responses so Endpoint Security policies on page 2+ are synced.

Phase 4i: Feature (Endpoint Security Settings Display)

  • T020 Hydrate configurationPolicies/{id}/settings for endpointSecurityPolicy + securityBaselinePolicy snapshots.
  • T021 Render Endpoint Security + Baselines via Settings Catalog normalizer/table (diff + UI).
  • T022 Prettify Endpoint Security template settings (use templateReference.templateDisplayName as fallback category + nicer Firewall rule labels/values).
  • T023 Improve Policy General tab cards (template reference summary, badges, readable timestamps).