ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d90fb0f963
TenantAtlas/specs/017-policy-types-mam-endpoint-security-baselines/spec.md
ahmido 412dd7ad66 feat/017-policy-types-mam-endpoint-security-baselines (#23) 
Hydrate configurationPolicies/{id}/settings for endpoint security/baseline policies so snapshots include real rule data.
Treat those types like Settings Catalog policies in the normalizer so they show the searchable settings table, recognizable categories, and readable choice values (firewall-specific formatting + interface badge parsing).
Improve “General” tab cards: badge lists for platforms/technologies, template reference summary (name/family/version/ID), and ISO timestamps rendered as YYYY‑MM‑DD HH:MM:SS; added regression test for the view.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #23
2026-01-03 02:06:35 +00:00

2.3 KiB
Raw Blame History

Feature Specification: Policy Types (MAM App Config + Endpoint Security Policies + Security Baselines) (017)

Feature Branch: feat/017-policy-types-mam-endpoint-security-baselines Created: 2026-01-02 Status: Draft

User Scenarios & Testing

User Story 1 — MAM App Config backup & restore (Priority: P1)

As an admin, I want Managed App Configuration policies (App Config) to be inventoried, backed up, and restorable, so I can safely manage MAM configurations (Outlook, Teams, Edge, OneDrive, etc.) at scale.

This includes both:

  • App configuration (app-targeted) via deviceAppManagement/targetedManagedAppConfigurations
  • App configuration (managed device) via deviceAppManagement/mobileAppConfigurations

Acceptance Scenarios

  1. Given a tenant with App Config policies, when I sync policies, then I can see them in the policy inventory with correct type labels.
  2. Given a policy, when I add it to a backup set, then it is captured and a backup item is created.
  3. Given a backup item, when I start a restore preview, then I can see a safe preview of changes.

User Story 2 — Endpoint Security policies (not only intents) (Priority: P1)

As an admin, I want Endpoint Security policies (Firewall/Defender/ASR/BitLocker etc.) supported, so the Windows security core can be backed up and restored.

Acceptance Scenarios

  1. Given Endpoint Security policies exist, sync shows them as their own policy type.
  2. Backup captures them successfully.

User Story 3 — Security baselines (Priority: P1)

As an admin, I want Security Baselines supported because they are commonly used and are expected in a complete solution.

Acceptance Scenarios

  1. Given baseline policies exist, sync shows them.
  2. Backup captures them.

Requirements

Functional Requirements

  • FR-001: Add support for Managed App Configuration policies.
  • FR-002: Add support for Endpoint Security policies beyond intents.
  • FR-003: Add support for Security Baselines.
  • FR-004: Each new type must integrate with: inventory, backup, restore preview, and (where safe) restore execution.
  • FR-005: Changes must be covered by automated tests.

Success Criteria

  • SC-001: New policy types appear in inventory & picker.
  • SC-002: Backup/restore preview works for new types.
  • SC-003: No regressions in existing policy flows.