Share via

Graph API returns 404 for Partner Security subjects that are documented as available

Roelof Spijker 0 Reputation points
2026-04-02T07:10:17.43+00:00

I'm getting 404 errors from the graph API when listing certain resources. Specifically history and requirements. This is in the context of a CSP Partner tenant, retrieving the partner security score and customer insights under the same endpoint works.

Why are these calls returning a 404? Are they not actually available? Is there an issue with the documentation? I'm making all of these calls with the same refreshtoken/accesstoken from a .NET application.

Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-04-02T07:10:32.29+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    /security/partner/securityScore/history and /security/partner/securityScore/requirements are part of the Microsoft Graph beta partner security score API in the microsoft.graph.partner.security namespace.

    From the documentation:

    • These APIs are under /beta and are subject to change.
    • Use of these APIs in production applications is not supported.

    For partnerSecurityScore the documented methods include:

    • GET /security/partner/securityScore (works in the described scenario)
    • GET /security/partner/securityScore/customerInsights
    • GET /security/partner/securityScore/history
    • GET /security/partner/securityScore/requirements

    The requirements method is documented as:

    GET /security/partner/securityScore/requirements

    with the following permission requirements:

    • Delegated: PartnerSecurity.Read.All (least privileged) or PartnerSecurity.ReadWrite.All
    • Application: PartnerSecurity.Read.All (least privileged) or PartnerSecurity.ReadWrite.All

    Given that:

    • The tenant is CSP and can successfully call partnerSecurityScore and customerInsights with the same token, and
    • history and requirements are documented beta endpoints,

    the 404 behavior is consistent with beta APIs that are:

    • Not yet fully deployed or enabled for all tenants/regions, or
    • Temporarily unavailable or changed while the documentation still reflects the intended contract.

    In other words, the methods are documented as available, but as beta endpoints they can legitimately return 404 even when other partner security score calls succeed. This is not necessarily a token/permission issue if the same token works for the other partner security score operations.

    The supported and stable way to work with partner security posture today is primarily via:

    • The partnerSecurityScore root resource and its working navigation properties.
    • The Partner Center Security workspace (Security requirements dashboard, Security alerts, MFA statistics) for operational use.

    For this specific 404 on beta endpoints, the next step is to treat it as a beta-platform limitation or rollout gap rather than a misconfiguration in the application.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.