arazzo: 1.0.1
info:
  title: Microsoft Endpoint Configuration Management Non-Compliance Report Drilldown
  summary: Pull the device, policy, and setting non-compliance reports inline in one pass.
  description: >-
    A compliance investigation flow built on the inline Intune reporting
    endpoints. The workflow retrieves the device non-compliance report, then
    drills into the compliance policy non-compliance report, and finally the
    compliance setting non-compliance report, giving an operator a layered view
    of where devices are falling out of policy. Every step spells out its
    request inline so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: intuneReportingExportApi
  url: ../openapi/microsoft-endpoint-configuration-management-intune-reporting-export-api-openapi.yml
  type: openapi
workflows:
- workflowId: noncompliance-report-drilldown
  summary: Retrieve device, policy, and setting non-compliance reports in sequence.
  description: >-
    Calls getDeviceNonComplianceReport, then getCompliancePolicyNonComplianceReport,
    then getComplianceSettingNonComplianceReport, each with the supplied filter,
    to drill from device-level into policy- and setting-level non-compliance.
  inputs:
    type: object
    properties:
      accessToken:
        type: string
        description: OAuth 2.0 bearer token for Microsoft Graph (DeviceManagementConfiguration.Read.All).
      filter:
        type: string
        description: Filter expression applied to each report.
      top:
        type: integer
        description: Maximum number of records to return per report.
  steps:
  - stepId: deviceReport
    description: Retrieve the device non-compliance report.
    operationId: getDeviceNonComplianceReport
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    requestBody:
      contentType: application/json
      payload:
        name: DeviceNonCompliance
        filter: $inputs.filter
        top: $inputs.top
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      deviceRowCount: $response.body#/totalRowCount
      deviceValues: $response.body#/values
  - stepId: policyReport
    description: Retrieve the compliance policy non-compliance report.
    operationId: getCompliancePolicyNonComplianceReport
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    requestBody:
      contentType: application/json
      payload:
        name: CompliancePolicyNonCompliance
        filter: $inputs.filter
        top: $inputs.top
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      policyRowCount: $response.body#/totalRowCount
      policyValues: $response.body#/values
  - stepId: settingReport
    description: Retrieve the compliance setting non-compliance report.
    operationId: getComplianceSettingNonComplianceReport
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    requestBody:
      contentType: application/json
      payload:
        name: ComplianceSettingNonCompliance
        filter: $inputs.filter
        top: $inputs.top
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      settingRowCount: $response.body#/totalRowCount
      settingValues: $response.body#/values
  outputs:
    deviceRowCount: $steps.deviceReport.outputs.deviceRowCount
    policyRowCount: $steps.policyReport.outputs.policyRowCount
    settingRowCount: $steps.settingReport.outputs.settingRowCount