Feat(task): Check schema update

[MWG-Logan]

Update Deploy-CheckExtension.ps1 to match upstream managed schema

Brings the CyberDrain Check extension deployment task in line with the current managed_schema.json and upstream deploy script.

New Parameters

Parameter	Type	Default	Notes
ForceToolbarPin	int 0/1	1	Pin extension to toolbar (Edge: toolbar_state, Chrome: toolbar_pin)
ValidPageBadgeTimeout	int 0–300	5	Auto-dismiss timeout for valid page badge (seconds)
DomainSquattingEnabled	int 0/1	1	Master toggle for domain squatting detection
DomainSquattingDeviationThreshold	int 1–5	2	Levenshtein distance threshold
DomainSquattingLevenshtein	int 0/1	1	Levenshtein algorithm toggle
DomainSquattingHomoglyph	int 0/1	1	Homoglyph algorithm toggle
DomainSquattingTyposquat	int 0/1	1	Typosquatting algorithm toggle
DomainSquattingCombosquat	int 0/1	1	Combosquatting algorithm toggle
DomainSquattingProtectedDomains	string[]	—	Additional domains to protect
DomainSquattingAction	block/warn/log	block	Action on detection
DomainSquattingLogDetections	int 0/1	1	Log detections to activity log
EnableGenericWebhook	int 0/1	0	Enable webhook for detection events
WebhookUrl	string	—	Webhook endpoint URL
WebhookEvents	string[]	—	Event types to send
SupportUrl	string	—	Branding: Support link
PrivacyPolicyUrl	string	—	Branding: Privacy link
AboutUrl	string	—	Branding: About link
CippTenantIdOverride	string	—	Override ImmyBot's $azureTenantId for CIPP reporting

Changed

• urlAllowlist: Changed from a single MultiString registry value on the policy key to numbered String entries in a urlAllowlist subkey (1, 2, 3…), matching the upstream deploy script and how Chromium actually reads managed storage arrays.
• CippTenantId resolution: Resolved at script scope into $effectiveCippTenantId (override → $azureTenantId fallback) and passed explicitly into Get-DesiredItem. Fixes the scope-leak bug present in the Global repo version.
• Absent mode: Updated to null all new sections (domain squatting, webhook, new branding keys, toolbar pinning).

Removed

• $CompanyUrl parameter — companyURL branding key is not in the upstream managed schema.

Registry Structure (for reference)

HKLM:\...\policy\
├── showNotifications, enableValidPageBadge, validPageBadgeTimeout, ...
├── urlAllowlist\          ← numbered entries (1, 2, 3...)
├── domainSquatting\
│   ├── enabled, deviationThreshold, Action, logDetections
│   ├── algorithms\        ← levenshtein, homoglyph, typosquat, combosquat
│   └── protectedDomains\  ← numbered entries
├── genericWebhook\
│   ├── enabled, url
│   └── events\            ← numbered entries
└── customBranding\        ← companyName, productName, supportEmail, supportUrl, ...

[Copilot]

Pull request overview

Updates the ImmyBot task that deploys/manages the CyberDrain “Check” browser extension policies so its registry writes match the current upstream managed schema (notably: new policy areas and Chromium-style array storage).

Changes:

• Adds new task parameters and corresponding policy writes (toolbar pinning, valid badge timeout, domain squatting, generic webhook, new branding URLs, CIPP tenant override).
• Changes urlAllowlist storage from a single value to numbered string entries under a urlAllowlist subkey, matching upstream schema/behavior.
• Refactors CIPP tenant ID resolution to an explicit script-scope $effectiveCippTenantId and passes it into Get-DesiredItem.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.