ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d14ad7b525
TenantAtlas/specs/006-sot-foundations-assignments/quickstart.md
Ahmed Darrazi d14ad7b525 spec(006): add plan artifacts
2025-12-25 14:52:28 +01:00

56 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Quickstart: SoT Foundations & Assignments (006)
This is a developer/operator checklist to validate foundations-first restore and assignment-aware restore.
## Prerequisites
- Local dev via Sail.
- A tenant configured for Graph access with sufficient permissions for:
- Assignment filters: `DeviceManagementConfiguration.ReadWrite.All`
- Scope tags: `DeviceManagementRBAC.ReadWrite.All`
- Notification templates: `DeviceManagementServiceConfig.ReadWrite.All`
## Scenario A: Foundations backup + restore
1. In a test tenant, create:
- 12 assignment filters
- 12 scope tags (non-built-in)
- 1 notification message template
2. Run a sync + backup via the apps existing workflow.
3. In the target tenant, ensure those objects do not exist.
4. Run restore in **preview**:
- Verify preview includes a “Foundations” section.
- Verify it reports old→new mapping decisions.
5. Run restore in **execute**:
- Verify missing foundations are created.
- Verify collisions result in “created_copy” behavior (if you intentionally create same-named items beforehand).
## Scenario B: Assignment-aware restore
1. Create a policy that has assignments:
- Group targeting
- Assignment filters (include/exclude)
- Scope tags where applicable
2. Back up the tenant.
3. Restore into a target tenant where:
- some foundations exist
- some foundations are missing
4. Run restore preview:
- Verify assignments are marked “applied” only when mappings exist.
- Verify unsafe assignments are “skipped” with explicit reasons (no broad targeting).
5. Run restore execute:
- Verify the policy is restored.
- Verify assignment application uses the mapping.
## Scenario C: Conditional Access preview-only
1. Ensure the backup contains at least one Conditional Access policy.
2. Run restore preview:
- Verify CA items appear with a clear preview-only marker.
3. Run restore execute:
- Verify CA changes are not applied and are recorded as skipped/preview-only.
## Notes
- If UI changes dont appear, run the projects dev/build pipeline (`composer run dev` / `pnpm dev`) according to existing repo conventions.
Reference in New Issue View Git Blame Copy Permalink