arazzo: 1.0.1
info:
  title: Microsoft Endpoint Configuration Management User Device Inventory
  summary: List a user's Azure AD owned devices and correlate them with their Intune managed devices.
  description: >-
    A user-centric inventory flow over the Microsoft Graph API. The workflow
    lists the devices a user owns in Azure Active Directory, then lists the
    Intune managed devices filtered to the same user principal name so an
    operator can see which owned devices are actually enrolled and managed.
    Every step spells out its request inline so the flow can be read and
    executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: intuneGraphApi
  url: ../openapi/microsoft-endpoint-configuration-management-intune-graph-api-openapi.yml
  type: openapi
workflows:
- workflowId: user-device-inventory
  summary: List a user's owned devices and their enrolled managed devices.
  description: >-
    Lists the user's Azure AD owned devices, then lists the Intune managed
    devices filtered by the supplied user principal name.
  inputs:
    type: object
    required:
    - userId
    - userPrincipalName
    properties:
      accessToken:
        type: string
        description: OAuth 2.0 bearer token for Microsoft Graph (DeviceManagementManagedDevices.Read.All).
      userId:
        type: string
        description: The Azure AD object id of the user.
      userPrincipalName:
        type: string
        description: The user principal name used to filter managed devices.
  steps:
  - stepId: listOwnedDevices
    description: List the devices the user owns in Azure Active Directory.
    operationId: listUserOwnedDevices
    parameters:
    - name: userId
      in: path
      value: $inputs.userId
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: $top
      in: query
      value: 100
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      ownedDevices: $response.body#/value
  - stepId: listManagedForUser
    description: List Intune managed devices filtered to the supplied user principal name.
    operationId: listManagedDevices
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: $filter
      in: query
      value: "userPrincipalName eq '$inputs.userPrincipalName'"
    - name: $top
      in: query
      value: 100
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      managedDevices: $response.body#/value
  outputs:
    ownedDevices: $steps.listOwnedDevices.outputs.ownedDevices
    managedDevices: $steps.listManagedForUser.outputs.managedDevices