Secure Score calculation using REST API

Hi, we are building a Power BI report to report on Defender for Cloud secure scores across multi-tenants (we are a MSP). We are comparing our results with the dashboard and would are seeking clarification on:

1. How can we tell if a Recommendation is flagged as preview from API data? (https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls#which-recommendations-are-included-in-the-secure-score-calculations)
2. What indicates that a Control or Recommendation is Active? (Active items next tot the Secure Score in the Azure portal)
3. In the Assessment (https://docs.microsoft.com/en-us/rest/api/defenderforcloud/assessments/get?tabs=HTTP#get-security-recommendation-task-from-security-data-location-with-expand-parameter) we can identify the Source as AWS, but how do we get the Defender for Cloud calculated secure score for non-Azure sources (such as AWS) -  https://docs.microsoft.com/en-us/rest/api/defenderforcloud/secure-scores/get?tabs=HTTP
4. How do we tell that a Recommendation is scored by the Secure Score (Secure Score recommendations vs All recommendations) on the Azure portal?

Regards

Pieter