## Summary

- Capture and restore foundation types (assignment filters, scope tags, notification templates) with deterministic mapping.
- Apply foundation mappings during restore (scope tags on policy payloads, assignment filter mapping with skip reasons).
- Improve restore run UX (item selection, rerun action, preview-only badges).
- Enforce preview-only policy types (e.g. Conditional Access) during execution.

## Testing

- ./vendor/bin/sail artisan test tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php

## Notes

- Specs/plan/tasks updated under specs/006-sot-foundations-assignments.
- No migrations.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #7
<?php

/*
 * Registry of the policy types and foundation types this application handles.
 *
 * Every entry carries the same keys:
 *   type     - internal identifier of the policy type
 *   label    - human-readable name
 *   category - grouping name
 *   platform - 'all', 'windows' or 'mobile'
 *   endpoint - relative resource path (presumably Microsoft Graph; confirm against the client code)
 *   filter   - optional query filter narrowing a shared endpoint to one type
 *   backup   - 'full' or 'metadata-only'
 *   restore  - 'enabled' or 'preview-only'
 *   risk     - 'low', 'low-medium', 'medium', 'medium-high' or 'high'
 *
 * The 'restore' value is only a declaration. Whether 'preview-only' is actually
 * refused at execution time depends on code outside this file, so any new
 * restore path has to check this flag itself rather than rely on the UI.
 */
return [
    'supported_policy_types' => [
        [
            'type' => 'deviceConfiguration',
            'label' => 'Device Configuration',
            'category' => 'Configuration',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceConfigurations',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'settingsCatalogPolicy',
            'label' => 'Settings Catalog Policy',
            'category' => 'Configuration',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/configurationPolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'deviceCompliancePolicy',
            'label' => 'Device Compliance',
            'category' => 'Compliance',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceCompliancePolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            'type' => 'appProtectionPolicy',
            'label' => 'App Protection (MAM)',
            'category' => 'Apps/MAM',
            'platform' => 'mobile',
            'endpoint' => 'deviceAppManagement/managedAppPolicies',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium-high',
        ],
        [
            // Rated high risk and limited to preview: backed up in full, never written back.
            'type' => 'conditionalAccessPolicy',
            'label' => 'Conditional Access',
            'category' => 'Conditional Access',
            'platform' => 'all',
            'endpoint' => 'identity/conditionalAccess/policies',
            'backup' => 'full',
            'restore' => 'preview-only',
            'risk' => 'high',
        ],
        [
            'type' => 'deviceManagementScript',
            'label' => 'PowerShell Scripts',
            'category' => 'Scripts',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/deviceManagementScripts',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            // Rated high risk and limited to preview.
            // NOTE(review): shares its endpoint with windowsEnrollmentStatusPage below,
            // which narrows the result with a 'filter'; this entry has none. Confirm the
            // consumer separates the two types, otherwise ESP objects are listed here too.
            'type' => 'enrollmentRestriction',
            'label' => 'Enrollment Restrictions',
            'category' => 'Enrollment',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
            'backup' => 'full',
            'restore' => 'preview-only',
            'risk' => 'high',
        ],
        [
            'type' => 'windowsAutopilotDeploymentProfile',
            'label' => 'Windows Autopilot Profiles',
            'category' => 'Autopilot',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/windowsAutopilotDeploymentProfiles',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium-high',
        ],
        [
            // Same endpoint as enrollmentRestriction; the 'filter' selects only the
            // windows10EnrollmentCompletionPageConfiguration objects.
            'type' => 'windowsEnrollmentStatusPage',
            'label' => 'Enrollment Status Page (ESP)',
            'category' => 'Enrollment',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/deviceEnrollmentConfigurations',
            'filter' => "odata.type eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration'",
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'medium',
        ],
        [
            // NOTE(review): rated 'high' like the two preview-only entries above, yet
            // restore is 'enabled'. Confirm this is intentional and that an executed
            // restore of this type is audited.
            'type' => 'endpointSecurityIntent',
            'label' => 'Endpoint Security Intents',
            'category' => 'Endpoint Security',
            'platform' => 'windows',
            'endpoint' => 'deviceManagement/intents',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'high',
        ],
        [
            // Only metadata is backed up for this type.
            'type' => 'mobileApp',
            'label' => 'Applications (Metadata only)',
            'category' => 'Applications',
            'platform' => 'all',
            'endpoint' => 'deviceAppManagement/mobileApps',
            'backup' => 'metadata-only',
            'restore' => 'enabled',
            'risk' => 'low-medium',
        ],
    ],

    // Foundation types: all three are rated low risk with restore enabled.
    'foundation_types' => [
        [
            'type' => 'assignmentFilter',
            'label' => 'Assignment Filter',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/assignmentFilters',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
        [
            // NOTE(review): scope tags are rated 'low' here; if they delimit admin
            // visibility in the target tenant, confirm the rating with the restore owner.
            'type' => 'roleScopeTag',
            'label' => 'Scope Tag',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/roleScopeTags',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
        [
            'type' => 'notificationMessageTemplate',
            'label' => 'Notification Message Template',
            'category' => 'Foundations',
            'platform' => 'all',
            'endpoint' => 'deviceManagement/notificationMessageTemplates',
            'backup' => 'full',
            'restore' => 'enabled',
            'risk' => 'low',
        ],
    ],

    // Feature switches. What 'conditional_access' gates is not visible in this file.
    'features' => [
        'conditional_access' => true,
    ],

    // Tunables for bulk operations, overridable through the environment.
    // NOTE(review): the (int) cast turns a non-numeric or empty value into 0 and accepts
    // negatives; consumers should reject values below 1 before chunking or polling.
    'bulk_operations' => [
        'chunk_size' => (int) env('TENANTPILOT_BULK_CHUNK_SIZE', 10),
        'poll_interval_seconds' => (int) env('TENANTPILOT_BULK_POLL_INTERVAL_SECONDS', 3),
    ],
];