Maximizing Your Secure Score: A Guide for IT Professionals

Justin Kirsch | 7 min read
Organizations with a Microsoft Secure Score above 80% experience 67% fewer security incidents, according to the Microsoft Security Intelligence Report. Most organizations sit between 30% and 45%. That gap is where breaches happen.

For mortgage IT professionals, Secure Score is more than a dashboard metric. Cyber insurers now factor it into premium calculations. Procurement teams request it during vendor evaluations. The OCC 2025 Cybersecurity Report listed security posture visibility as a regulatory expectation for financial institutions. Access Business Technologies manages Microsoft 365 tenants for more than 750 financial institutions, and Secure Score posture is one of the first numbers every onboarding conversation surfaces.

This guide walks through how to raise your Secure Score from a starting point to a defensible position, and how M365 Guardian from ABT operationalizes that work so the score keeps climbing after the initial sprint.

Why Microsoft Secure Score Matters for Mortgage Companies in 2026

Microsoft Secure Score evaluates your tenant's security posture across four categories: Identity, Devices, Apps, and Data. A higher score means more recommended actions are implemented. A lower score means gaps exist.

Three forces make this score critical right now:

  • Cyber insurance requirements. Insurers now request live endpoint detection telemetry and posture data during renewals. A Secure Score below 60% signals risk that drives premiums up.
  • Regulatory pressure. The FTC Safeguards Rule mandates MFA, encryption, and continuous monitoring for mortgage lenders. Each requirement maps directly to Secure Score recommendations inside Microsoft Defender and Microsoft Purview.
  • Vendor trust. Warehouse lenders and correspondent partners increasingly treat Secure Score as a prerequisite for doing business. Procurement teams now ask for the number before issuing a counterparty agreement.

The Real Path to a Higher Score: Recommendations, Defender, and Purview

Most IT teams treat Microsoft Secure Score as a number to chase. The score itself is just the readout. The actual path to a higher score is a disciplined sequence of three things, executed against the live tenant rather than a checklist on a whiteboard. Score recommendations identify the work; Microsoft Defender does the threat-side enablement; Microsoft Purview does the records-and-data-protection side. The score moves only when all three layers move together.

Microsoft Secure Score recommendations inside the Microsoft Defender portal surface the specific controls Microsoft has graded for your tenant's licensing tier. Enabling them in the right order, with the right exclusions for your business workflows, is what moves the score. The score sub-categories make the order visible:

  • Identity actions tend to be the biggest single-step jumps: MFA enforcement, Conditional Access in Grant mode rather than Report-Only, blocking legacy authentication, and retiring stale Entra ID accounts.
  • Devices follows once Intune compliance policies are pushed and unmanaged endpoints are blocked.
  • Apps and Data come last, because configuring Microsoft Purview Data Loss Prevention rules, retention policies, sensitivity labels, and Audit Premium retention requires the identity and device layers to be settled first.

Microsoft Defender enablement across the suite (Defender for Office 365 anti-phishing and Safe Links, Defender for Endpoint device-side detection, Defender for Identity user-behavior analytics, Defender for Cloud Apps shadow-IT discovery) closes the threat-detection half of the recommendation set. Without Defender enabled, the score caps out in the 60s no matter how clean your identity posture looks. With Defender configured and tuned to your environment, the recommendations resolve and the score climbs into the 85+ range that examiners and underwriters now expect. For ABT's fuller take, see Mastering Cybersecurity Workflow Management.

The score-maximization work is operational, not theoretical, and that is the reason most internal IT teams stall in the 50s. The recommendations sit in the Defender portal. The Purview policies sit in the Purview portal. The Intune policies sit in the Intune admin center. The Entra ID Conditional Access policies sit in the Entra admin center. Pulling all of them into a single executable plan, monitoring drift nightly, and producing a trend chart for leadership is where most teams run out of capacity.

That is the operational gap M365 Guardian and Guardian Security Insights are designed to close. M365 Guardian is ABT's productized score-maximization framework: a documented operating model layered on top of Microsoft Defender, Purview, Intune, Entra ID, and Sentinel that turns the score recommendations into a prioritized weekly work plan for the IT team. Guardian Security Insights is the visualization layer on top of that work: the nightly score deltas, the category-by-category trend lines, the simulator that shows the expected score impact of each pending change before resources are committed, and the underwriter-ready report that documents the trajectory. The number on the dashboard becomes the byproduct of the framework, not the goal.

Step-by-Step: Raising Your Secure Score

Step 1: Baseline Your Current Score

Log into Microsoft Defender and check your Secure Score. Note the total and the breakdown by category. Write it down. This is your "before" number.

Step 2: Fix MFA First

MFA is the single highest-impact action for most tenants. The FTC Safeguards Rule requires it. Microsoft recommends it. Cyber insurers expect it. If you are not at 100% MFA enrollment, start here. Conditional Access in Microsoft Entra ID makes the enforcement durable, not just a one-time enrollment push.

Step 3: Kill Stale Accounts

Every inactive account is an attack surface. Scan Microsoft Entra ID for accounts with no sign-in activity in 90 days. Disable or remove them. This step alone can raise your score by 10 to 15 percent.

Step 4: Address Unmanaged Devices

Devices accessing your tenant without Microsoft Intune compliance policies are a blind spot. Require device enrollment. Block access from non-compliant endpoints via Conditional Access. This tightens both your score and your actual security.

Step 5: Track Progress Weekly

Set a cadence. Every Friday, check the score. Guardian Security Insights automates this with trend charts that show your trajectory over time. Show the trend line to leadership during quarterly reviews.
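
The Step 3 scan, as an added example (not ABT's or Microsoft's code): it classifies user records shaped like a Microsoft Graph `/users` response that includes the `signInActivity` and `createdDateTime` properties, and separates accounts that were never used from ones that are only new. The sample records, the `example.com` names, and the helper names `classify` and `stale_report` are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # threshold named in Step 3

def _parse(ts):
    """Parse a Graph ISO-8601 timestamp; a missing value stays None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def classify(user, now):
    """Return 'active', 'stale', 'new' or 'never-signed-in' for one user record."""
    activity = user.get("signInActivity") or {}
    # Accounts used by scripts or sync tools may only sign in non-interactively,
    # so use the most recent of both timestamps, not the interactive one alone.
    seen = [t for t in (_parse(activity.get("lastSignInDateTime")),
                        _parse(activity.get("lastNonInteractiveSignInDateTime"))) if t]
    if seen:
        return "stale" if now - max(seen) > STALE_AFTER else "active"
    # No sign-in on record: use account age so a just-created account is not flagged.
    created = _parse(user.get("createdDateTime"))
    if created and now - created <= STALE_AFTER:
        return "new"
    return "never-signed-in"

def stale_report(users, now):
    """Enabled accounts that need review, as (UPN, status) sorted by UPN."""
    rows = [(u["userPrincipalName"], classify(u, now))
            for u in users if u.get("accountEnabled", True)]
    return sorted(r for r in rows if r[1] in ("stale", "never-signed-in"))

# Constructed sample shaped like a Graph /users response (not real tenant data).
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2026-01-10T09:00:00Z"}},
    {"userPrincipalName": "svc-sync@example.com", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2025-06-01T00:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2026-01-12T03:00:00Z"}},
    {"userPrincipalName": "carol@example.com", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2025-09-01T12:00:00Z"}},
    {"userPrincipalName": "dave@example.com", "accountEnabled": True,
     "createdDateTime": "2023-04-01T00:00:00Z", "signInActivity": None},
    {"userPrincipalName": "erin@example.com", "accountEnabled": True,
     "createdDateTime": "2026-01-05T00:00:00Z"},
    {"userPrincipalName": "frank@example.com", "accountEnabled": False},
]

if __name__ == "__main__":
    for upn, status in stale_report(SAMPLE, NOW):
        print(f"{upn}\t{status}")
```

Review the `never-signed-in` rows separately from the `stale` ones before disabling anything, since break-glass and shared-mailbox accounts often land there by design.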

M365 Guardian and Guardian Security Insights: ABT's Productized Score-Maximization Framework

Microsoft ships the Secure Score recommendations. ABT operationalizes them. M365 Guardian is the productized framework ABT runs for mortgage companies, banks, and credit unions that need their Secure Score to move from a low-50s baseline to the 85+ range examiners and underwriters now expect. It is not a license SKU. It is an operating model layered on top of Microsoft 365 Business Premium, E3, or E5, delivered through ABT's Tier-1 Direct-Bill Cloud Solution Provider relationship with Microsoft. The framework covers the disciplined sequencing of Microsoft Defender enablement, Microsoft Purview policy configuration, Microsoft Entra ID Conditional Access tuning, and Microsoft Intune device compliance, plus the 24/7 monitoring through Microsoft Sentinel that watches for drift. Guardian Security Insights is the dashboard layer that makes the framework visible to IT directors and leadership: nightly score deltas, category-by-category trend lines, the simulator that shows expected score impact before changes are made, and the underwriter-ready report that documents trajectory for cyber insurance renewals. The combination turns the Secure Score number into the readout of a managed operating model, which is the difference between a one-time hardening sprint and a posture that holds through an examination cycle. See also our breakdown of Why Higher Standards Beat Microsoft Secure Score's Curve.

Real-World Secure Score Improvements

  • 32% to 93% in six months. Mason-McDuffie Mortgage, a Bay Area retail lender with 350 employees across 40 states, partnered with ABT and raised their Secure Score from a concerning 32% to over 90% through Guardian's hardening and monitoring program.
  • 100% MFA adoption in three months. A mortgage company identified significant MFA gaps across user accounts. Following Guardian's prioritized recommendations, they achieved full MFA compliance and cut unauthorized access risk by 99.9%.
  • 50+ stale accounts removed. A mid-size lender discovered over 50 inactive accounts. Systematic cleanup through Guardian Security Insights improved their score by 15% and closed attack vectors that had been open for years.

The Cyber Insurance Connection

Cyber insurance premiums for financial services firms have climbed steadily since 2023. Underwriters now request specific evidence of security controls before quoting coverage.

A strong Secure Score provides that evidence. It documents MFA enrollment, device compliance, data protection policies through Microsoft Purview, and identity management through Microsoft Entra ID. Guardian Security Insights generates the reports that underwriters want to see. This connects closely to Transforming Your Secure Score Into a Cybersecurity Roadmap.

Higher scores mean lower premiums. It is that direct.

Turn Your Secure Score Into a Defensible Posture

ABT runs M365 Guardian and Guardian Security Insights for mortgage companies, banks, and credit unions that need their Secure Score to move from a low-50s baseline to the 85+ range examiners and cyber underwriters expect. A 30-minute conversation maps your current score, surfaces the highest-impact recommendations, and outlines what an ABT-managed score-maximization engagement would cover. No commitment, no quote, no obligation.

Frequently Asked Questions

Most organizations start between 30% and 45%. A score above 80% is considered excellent and correlates with 67% fewer security incidents according to the Microsoft Security Intelligence Report. ABT targets 90%+ for its managed clients. Any mortgage company handling borrower data under FTC Safeguards Rule obligations should aim for at least 75% as a baseline, and the path there runs through Microsoft Defender enablement and Microsoft Purview policy configuration, sequenced through the M365 Guardian framework.

Before renewal, document MFA enrollment rates from Microsoft Entra ID, Conditional Access policy coverage, endpoint compliance percentages from Microsoft Intune, and Microsoft Purview Data Loss Prevention activation across all licensed workloads. Underwriters want evidence of improvement trajectory, not just a snapshot number. Export Secure Score history showing month-over-month gains, map each improvement action to a specific control category the insurer evaluates, and include Microsoft Defender for Endpoint telemetry summaries that demonstrate active threat detection and response capability. Guardian Security Insights produces this packet for ABT-managed tenants on demand.

The three highest-impact actions are enabling MFA for all users through Microsoft Entra ID Conditional Access, removing stale accounts from Microsoft Entra ID, and enforcing device compliance through Microsoft Intune. MFA alone can add 15 to 20 points. Stale account cleanup adds 10 to 15 points. Device compliance policies close a major gap that both regulators and insurers flag. Guardian Security Insights prioritizes these actions automatically based on your environment, and M365 Guardian sequences them across the Microsoft Defender, Purview, Intune, and Entra ID surfaces so the work compounds rather than stalls.

Guardian Security Insights works across Microsoft 365 Business Premium, E3, and E5 tenants. The available Secure Score recommendations differ by license tier because each tier unlocks different security features inside Microsoft Defender and Microsoft Purview. Guardian tailors its recommendations to your specific licensing, so a Business Premium client sees actions relevant to their environment rather than E5-only features they cannot implement. M365 Guardian also covers the Microsoft 365 Copilot Business tier ($21 standalone or $32 bundled with Business Premium) for firms adding the Copilot Frontier stack to their footprint.

Microsoft ships the products. M365 Guardian operationalizes them as a single framework. The Microsoft Defender suite, Microsoft Purview, Microsoft Entra ID, Microsoft Intune, and Microsoft Sentinel are already in any reasonably licensed Microsoft 365 tenant. The question is whether they are configured consistently, tuned to a mortgage company's actual risk profile, monitored for drift, and producing the underwriter-ready and examiner-ready reports the business needs. M365 Guardian is ABT's productized operating model that does that work on the firm's behalf, layered on top of the Tier-1 Direct-Bill Cloud Solution Provider relationship that gives ABT delegated administrative access to manage the tenant. Guardian Security Insights is the dashboard that makes the work visible to leadership.

Justin Kirsch

CEO, Access Business Technologies

Justin Kirsch has guided Microsoft deployments for regulated financial institutions since 1999. As CEO of Access Business Technologies, the largest Tier-1 Microsoft Cloud Solution Provider dedicated to financial services, he helps more than 750 banks, credit unions, mortgage companies, and securities firms strengthen their Microsoft 365 posture, raise their Secure Score, and meet examiner and cyber-underwriter expectations without slowing down how the business actually works.