PartnerSecurity.Read.All

Allows the app to read security alerts of customer with CSP relationship on behalf of the partner signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the PartnerSecurity.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	21ffa320-2e7f-47d3-a466-7ff04d2dd68d	5567b981-0bf1-4796-9038-0648b46e116d
DisplayText	Read security alerts of customer with CSP relationship	Read security alerts of customer with CSP relationship
Description	Allows the app to read security alerts of customer with CSP relationship, without a signed-in user.	Allows the app to read security alerts of customer with CSP relationship on behalf of the partner signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /security/partner/securityAlerts
	GET /security/partner/securityAlerts/{partnerSecurityAlertId}
	GET /security/partner/securityScore
	GET /security/partner/securityScore/customerInsights
	GET /security/partner/securityScore/history
	GET /security/partner/securityScore/history/{securityScoreHistoryId}
	GET /security/partner/securityScore/requirements
	GET /security/partner/securityScore/requirements/{securityRequirementId}

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaSecurityPartnerSecurityAlert
	Get-MgBetaSecurityPartnerSecurityScore
	Get-MgBetaSecurityPartnerSecurityScoreCustomerInsight
	Get-MgBetaSecurityPartnerSecurityScoreHistory
	Get-MgBetaSecurityPartnerSecurityScoreRequirement

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: customerInsight

Property	Type	Description
mfa	microsoft.graph.partner.security.customerMfaInsight	Details of the customer's Entra tenant MFA policy configuration and usage.
tenantId	String	The unique identifier for the customer.

Graph reference: partnerSecurityAlert

Property	Type	Description
activityLogs	microsoft.graph.partner.security.activityLog collection	Represents the activity by a partner and includes details of state transitions, who performed them, and when they occurred.
additionalDetails	microsoft.graph.partner.security.additionalDataDictionary	A bag of name-value pairs that contain more details about an alert.
affectedResources	microsoft.graph.partner.security.affectedResource collection	Contains details of the resources affected by the security alert.
alertType	String	The type of vulnerability that impacts the customer due to this alert. For more information, see Security alerts reference guide.
catalogOfferId	String	The modern offer category ID of the subscription.
confidenceLevel	microsoft.graph.partner.security.securityAlertConfidence	Specifies the confidence in the alert. The possible values are: `low`, `medium`, `high`, `unknownFutureValue`.
customerTenantId	String	The impacted customer tenant associated with the alert.
description	String	The description for each alert.
detectedDateTime	DateTimeOffset	Time when the alert was detected or created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
displayName	String	The display name of the alert.
firstObservedDateTime	DateTimeOffset	Time of the first activity associated with the alert. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
id	String	Unique identifier to represent the alert. Inherited from microsoft.graph.entity.
isTest	Boolean	Indicates whether an alert is a test alert.
lastObservedDateTime	DateTimeOffset	Time of the latest activity associated with the alert. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
resolvedBy	String	The UPN of the partner user who resolved the alert.
resolvedOnDateTime	DateTimeOffset	Time when the alert was resolved. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
resolvedReason	microsoft.graph.partner.security.securityAlertResolvedReason	The reason provided by the partner for addressing the alert. The possible values are: `legitimate`, `ignore`, `fraud`, `unknownFutureValue`.
severity	microsoft.graph.partner.security.securityAlertSeverity	Indicates the possible impact on assets. The higher the severity the bigger the impact. Typically higher severity items require the most immediate attention. The possible values are: `informational`, `high`, `medium`, `low`, `unknownFutureValue`.
status	microsoft.graph.partner.security.securityAlertStatus	The status of the alert. The possible values are: `active`, `resolved`, `investigating`, `unknownFutureValue`.
subscriptionId	String	The subscription associated with the alert for the customer.
valueAddedResellerTenantId	String	The value-added reseller tenant associated with the partner tenant and customer tenant.

Graph reference: partnerSecurityScore

Property	Type	Description
currentScore	Single	The current security score for the partner.
lastRefreshDateTime	DateTimeOffset	The last time the data was checked.
maxScore	Single	The maximum score possible.
updatedDateTime	DateTimeOffset	The last time the security score or related properties changed.

Graph reference: securityRequirement

Property	Type	Description
actionUrl	String	The link to the site where the admin can take action on the requirement.
complianceStatus	microsoft.graph.partner.security.complianceStatus	Indicates whether the partner is compliant with this requirement. The possible values are: `compliant`, `noncomplaint`, `unknownFutureValue`.
helpUrl	String	The link to documentation for the requirement.
id	String	The unique identifier for the requirement. Inherited from microsoft.graph.entity.
maxScore	Int64	The maximum score possible for the requirement.
requirementType	microsoft.graph.partner.security.securityRequirementType	The type of requirement. The possible values are: `mfaEnforcedForAdmins`, `mfaEnforcedForAdminsOfCustomers`, `securityAlertsPromptlyResolved`, `securityContactProvided`, `spendingBudgetSetForCustomerAzureSubscriptions`, `unknownFutureValue`.
score	Int64	The score received for this requirement.
state	microsoft.graph.partner.security.securityRequirementState	Indicates whether the requirement is in preview or is fully released. The possible values are: `active`, `preview`, `unknownFutureValue`.
updatedDateTime	DateTimeOffset	The date the requirement properties were last updated.

Graph reference: securityScoreHistory

Property	Type	Description
compliantRequirementsCount	Int64	The number of compliant security requirements at the time.
createdDateTime	DateTimeOffset	The date the history entry was created.
id	String	The unique identifier for the history entry.
score	Double	The score recorded at the time.
totalRequirementsCount	Int64	The total number of requirements at the time.

Table of Contents

PartnerSecurity.Read.All

Graph Methods

Resources