How to retrieve noncompliant setting and noncompliant policy when exporting reports using Graph

Question

Hello Team,

We are currently building a solution that needs to export the report Noncompliant devices and settings. I have noticed that it's analog in graph is DeviceNonCompliance

which unfortunatelly does not contain some of the columns like - noncompliant setting and noncompliant policy.

May I please ask for a hint how to retrieve them?

Thanks in advance!

Answer 1

@Licheva-Sharbanova, Desislava, Thanks for posting in Q&A. Based on my checking, there's a report named "Noncompliant devices and settings" in Intune portal. After capturing DevTool Log, I find it will do a POST action and then a get action to get the report:

POST

https://graph.microsoft.com/beta/deviceManagement/reports/cachedReportConfigurations

Payload:

{"id":"NoncompliantDevicesAndSettings_00000000-0000-0000-0000-000000000001","filter":"","orderBy":[],"select":["DeviceName","SettingNm","PolicyName","CalculatedPolicyVersion","LatestPolicyVersion","SettingStatus","ErrorCodeString","UPN","OS","LastContact"],"metadata":"=>filterPicker=dW5kZWZpbmVk"}

GET

https://graph.microsoft.com/beta/deviceManagement/reports/cachedReportConfigurations('NoncompliantDevicesAndSettings_00000000-0000-0000-0000-000000000001')

Hope the information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I believe said properties are not available via the DeviceNonCompliance report. If you want to grab the per-policy data, you need to run the DevicePoliciesCompliance one (https://learn.microsoft.com/en-us/graph/api/intune-reporting-devicemanagementreports-getdevicepoliciescompliancereport?view=graph-rest-1.0), which you need to filter by specific deviceId.