What does 'Get My Grade' do?

'Get My Grade' is ABT's Microsoft 365 security assessment tool that evaluates your tenant configuration against the Sovereign Standard. The process begins when you grant ABT permission to analyze your tenant - this authorization step is explained on the Get My Grade landing page. Once permission is granted, our system collects configuration data and generates a comprehensive security grade showing how your environment compares to best practices for identity protection, data governance, and AI readiness. The assessment identifies specific gaps and prioritizes remediation steps, giving you actionable intelligence about your current security posture.

What is the 'Build Your AI Foundation' journey?

The AI Foundation journey is ABT's guided assessment that helps you understand exactly what's needed before deploying AI tools like Microsoft Copilot. It evaluates your current infrastructure across all four sovereignty pillars - Infrastructure, Connectivity, Intelligence, and Governance - then creates a prioritized roadmap. You'll see which prerequisites are already met, which gaps need attention, and the specific steps to achieve AI readiness without exposing sensitive data or violating compliance requirements.

What happens after I complete the assessment?

After completing either assessment, you'll receive a detailed report you can review independently - there's no obligation and no aggressive sales follow-up. If you want to discuss findings, ABT offers a complimentary consultation to walk through the results and answer questions. From there, you can choose to address gaps with your internal team using the roadmap provided, or engage ABT for implementation support. Many institutions use the assessment simply as a benchmark to guide their own IT initiatives.

What is IT Sovereignty and why does it matter for AI adoption?

IT Sovereignty is total institutional control over infrastructure, identity, data, integrations, intelligence, and AI governance. It matters for AI adoption because tools like Microsoft Copilot require access to organizational data - without proper controls, AI can expose sensitive information, violate compliance requirements, or surface data to unauthorized users. This is especially critical in highly regulated industries like financial services, where borrower and client data demands the strictest protection - but the principle applies to any organization handling sensitive information. IT Sovereignty establishes the secure foundation necessary for trusted AI deployment.

What does it mean that ABT is a Microsoft Tier 1 Direct Partner?

As a Microsoft Tier 1 Cloud Solution Provider, ABT has direct access to Microsoft licensing, support, and security resources. This enables consolidated licensing that reduces costs, pre-hardened security configurations aligned with Microsoft best practices, and faster resolution of technical issues through direct Microsoft escalation paths. Tier 1 status represents the highest level of Microsoft partnership.

How does ABT help prepare organizations for Microsoft Copilot?

ABT's Governance Sovereignty pillar specifically addresses Copilot readiness through Microsoft Purview-based data classification, sensitivity labels, permission boundaries, and access controls. Before Copilot deployment, ABT audits existing data exposure, implements appropriate labels, and establishes AI interaction logging for compliance. In financial services - our most demanding environment - this prevents Copilot from surfacing sensitive borrower data or confidential information to unauthorized users. The same rigorous approach applies to any organization: healthcare protecting patient data, legal firms safeguarding client privilege, or any business with proprietary information that requires controlled AI access.

What integration capabilities does ABT offer?

ABT provides system integration services across multiple industries, with particular depth in financial services - one of the most complex integration environments. MortgageExchange is a prime example: this platform connects loan origination systems including Encompass, core banking systems such as Fiserv DNA, Jack Henry, and FIS, servicing platforms, and data warehouse solutions. Major institutions rely on MortgageExchange because it validates data at each handoff point, eliminating manual re-entry risk and maintaining audit trails for compliance. Beyond mortgage, ABT's integration expertise extends to any environment requiring secure, validated data flow between critical business systems.

Is ABT SOC 2 certified?

Yes, ABT maintains SOC 2 Type 2 certification, which verifies that security controls are not only designed appropriately but operating effectively over time. This certification is audited annually and covers the Guardian managed services platform. SOC 2 Type 2 provides assurance to financial institutions that ABT meets rigorous security and operational standards.

What is the difference between ABT and a standard managed service provider?

ABT goes beyond co-managed IT by acting as the specialized architect for internal IT teams. While standard MSPs provide general support, ABT combines Microsoft Tier 1 expertise with deep domain knowledge developed in the most demanding environments. Our financial services experience - navigating complex regulations, multi-system integrations, and strict data protection requirements - has produced battle-tested solutions applicable to any organization. This includes pre-configured security baselines, sophisticated integration capabilities, and AI governance frameworks designed to protect sensitive data regardless of industry.

What does Infrastructure Sovereignty include?

Infrastructure Sovereignty delivers pre-hardened Microsoft 365 environments with consolidated Tier 1 licensing, Zero Trust architecture implementation, conditional access policies, and multi-factor authentication enforcement. Security baselines are configured to meet rigorous standards - in financial services, this means alignment with FFIEC cybersecurity expectations; for healthcare, HIPAA requirements; for other industries, relevant compliance frameworks. The goal is ensuring your environment is secure before you scale or add AI capabilities, regardless of your specific regulatory landscape.

How does ABT provide operational visibility and intelligence?

Intelligence Sovereignty delivers real-time dashboards showing security posture, productivity metrics, and operational efficiency indicators. This visibility helps identify friction points before they become costs - detecting unusual login patterns, measuring application adoption, or tracking integration throughput. Dashboards are tailored to your operational needs; in financial services, this might focus on loan processing workflows, while other industries configure views relevant to their specific business processes. The underlying capability - proactive operational intelligence - applies universally.

What regulatory frameworks does ABT align with?

ABT's IT Sovereignty framework is designed to adapt to your specific compliance requirements. In financial services - our most complex environment - this means alignment with FFIEC cybersecurity guidance, NCUA examination procedures, GLBA, and state-specific requirements. For healthcare organizations, we configure for HIPAA compliance. For other industries, we align with relevant frameworks like SOC 2, ISO 27001, or industry-specific standards. The SOC 2 Type 2 certification ABT maintains demonstrates our own operational control effectiveness, providing assurance that we meet rigorous security standards ourselves.

What is Microsoft 365 tenant hardening?

Tenant hardening is the process of replacing Microsoft 365's default security settings with Zero Trust baselines. Microsoft ships tenants with over 10,000 security settings unconfigured, leaving organizations vulnerable to password spray, phishing, and ransomware. ABT Guardian configures identity, access, device, and data controls to achieve 90%+ Microsoft Secure Score, dramatically reducing attack surface.

What is Zero Trust security architecture?

Zero Trust is a security framework that requires verification for every access request, regardless of location. The principle is 'never trust, always verify.' ABT Guardian implements Zero Trust through four pillars: Identity (verify users explicitly), Access Control (enforce least-privilege access), Devices (only allow compliant endpoints), and Data (protect information at rest and in transit).

What attacks does Guardian block?

Guardian blocks eight major attack categories: password spray attacks (automated credential guessing), phishing attempts (fake login pages), legacy authentication exploits (outdated protocols bypassing MFA), unmanaged device access, MFA fatigue attacks (push notification bombing), impossible travel logins (suspicious geographic patterns), data exfiltration (bulk file downloads), and brute force attacks (repeated login attempts).

How does Guardian help with cyber insurance requirements?

Cyber insurers increasingly require proof of MFA, endpoint detection (EDR), email protection, and access controls. Guardian configures all these controls and documents them for insurance questionnaires. Organizations with 90%+ Secure Score, enforced MFA, Conditional Access policies, and DLP often qualify for lower premiums. ABT provides audit-ready documentation mapping Guardian controls to common cyber insurance requirements.

What compliance frameworks does Guardian align with?

Guardian aligns Microsoft 365 configuration with GLBA (Gramm-Leach-Bliley Act) for financial institutions, FFIEC IT examination expectations, SOC 2 compliance requirements, GSE cybersecurity expectations for mortgage lenders, and cyber-insurance control frameworks. ABT maintains SOC 2 Type 2 certification and provides vendor risk documentation for regulated industries including banking, mortgage, and insurance.

What's included when I purchase Microsoft 365 through ABT?

When you purchase Microsoft 365 licensing through ABT (a Tier 1 Microsoft Cloud Solution Provider), Guardian Security Baseline is included at no additional cost. This includes Zero Trust hardening across identity, devices, email, and data; ongoing security monitoring; Secure Score tracking; and access to ABT's security engineering team. You pay the same as buying direct from Microsoft, but receive pre-hardened configuration.

How long does Guardian implementation take?

Initial Guardian hardening typically completes within 2-4 weeks depending on organization size and complexity. ABT follows a phased approach: assessment and planning (week 1), identity and access hardening (week 2), device and data controls (weeks 2-3), validation and documentation (week 3-4). Ongoing monitoring and optimization continue after initial deployment.

Do I need dedicated IT staff to maintain Guardian?

It depends on your Guardian plan. Plan 0 (Essentials) includes ABT's initial Zero Trust hardening, but your IT team maintains the configuration afterward—this plan assumes internal operational maturity. Plans 1-3 add increasing ABT management: Plan 1 (Core) provides co-managed security with ongoing configuration maintenance, Plan 2 (Pro) adds active monitoring and AI-driven insights, and Plan 3 (Advanced) delivers full 24/7 managed detection and response. Choose based on your internal IT capacity.

Why not just use Microsoft's Security Defaults?

Security Defaults provide basic protection (requiring MFA registration, blocking legacy auth) but are one-size-fits-all and cannot be customized. They don't include Conditional Access policies, device compliance requirements, DLP, or advanced threat protections. Organizations needing granular control, compliance documentation, or regulated-industry requirements must move beyond Security Defaults to a comprehensive Zero Trust implementation like Guardian.

What is Microsoft Secure Score and why does it matter?

Microsoft Secure Score is a measurement of your organization's security posture, expressed as a percentage. It evaluates configuration across identity, devices, apps, data, and infrastructure. A higher score indicates better protection against threats. Most unconfigured tenants score below 30%. Guardian achieves 90%+ Secure Score by implementing Microsoft's recommended security controls. This score is increasingly requested by auditors, cyber insurers, and due-diligence reviewers.

What systems does MortgageExchange integrate?

MortgageExchange integrates loan origination systems (Encompass, MCP, Calyx, Empower), core banking systems (Fiserv DNA, Jack Henry Symitar, Corelation Keystone), servicing platforms (Cenlar, Dovenmuehle DMI), CRM systems (Salesforce, HubSpot), and data systems (Azure SQL, Snowflake, Power BI, Microsoft Copilot Studio). ABT supports over 40 mortgage technology systems.

Does ABT only build MortgageExchange or can you connect other systems?

MortgageExchange is ABT's flagship integration platform for mortgage operations, but ABT builds custom interfaces between any business systems. If your systems need to talk, ABT can connect them. Custom interfaces are priced monthly based on complexity.

Is MortgageExchange cloud-based or on-premise?

MortgageExchange is 100% cloud-based, hosted in Microsoft Azure. No servers or IT infrastructure required on your end. ABT manages the platform as part of your monthly fee.

How does MortgageExchange reduce manual re-entry risk?

Validation gates check required fields and formats before data moves between systems. Schema mapping translates between systems automatically. No hand-keying means no drift, no typos, and no reconciliation nightmares.

What kind of efficiency improvement can we expect?

Customers typically see 35% or more improvement in mortgage processing efficiency with the same staff. There is no limit on loans processed - flat monthly fee regardless of volume.

What happens when data fails validation?

Failed records route to an exception queue for review - nothing gets dropped. Complete audit traces are maintained for compliance reviews. The system supports end-of-day reconciliation between connected systems.

Do I need dedicated IT staff to manage MortgageExchange?

No. ABT manages the interface as part of your monthly fee. When vendors make changes, ABT updates the integration - you do not have to engage anyone for rewrites. ABT has served 750+ mortgage companies, banks, and credit unions since 2001.

Can I use AI to query my loan data after ABT integrates my systems?

Yes. Once your LOS flows into a data warehouse with Power BI, you can ask Copilot natural language questions like What is my pipeline or Show loans closing this week. The AI knows who is asking and filters results to only loans you have access to.

How does ABT handle security and permissions with AI queries?

Row-level security flows from your source systems. Your Encompass or LOS permissions determine what the AI can show you. ABT uses Entra ID authentication so every query ties back to a specific user identity. ABT is SOC 2 Type 2 certified.

What is Intelligence Sovereignty?

Intelligence Sovereignty is the third pillar of IT Sovereignty, focused on operational visibility and actionable insights. It means having real-time access to security posture, productivity metrics, and compliance evidence across your Microsoft 365 environment.

What is the Guardian Security Insights report?

The Guardian Security Insights report is a 12-point assessment that translates Microsoft 365 telemetry into executive-ready findings. Each section follows: Detect, Quantify, and Act.

How does ABT analyze 1,200+ telemetry points?

Guardian collects signals from identity events, device compliance, policy configurations, and security controls. These are correlated to identify patterns indicating real risk rather than generating noise.

What security metrics does Guardian track?

Guardian tracks Identity Defense (MFA coverage, policy exclusions, privileged role drift), Account Hygiene (stale users, dormant access), and Device Trust (endpoint compliance, OS health, Defender coverage).

How does Guardian help with compliance audits?

Guardian creates audit-ready evidence for every finding. Remediation actions are logged with before/after states and timestamps for auditors.

How does Guardian identify license waste?

Guardian correlates license assignments with actual usage patterns. Unused premium features are flagged as recoverable spend with specific dollar amounts.

What is friction tax?

Friction tax is productivity drag from manual re-entry, context switching, and workflow bottlenecks. Guardian quantifies hours lost per user per week.

How does Guardian support AI governance?

Guardian provides the AI Ledger, an immutable log of AI interactions including prompts, responses, blocks, and redactions for audit readiness.

What are policy flags in AI monitoring?

Policy flags are governance events requiring review: when AI accessed sensitive data, when outputs were redacted, or when requests were blocked.

Is Guardian part of ABT's SOC 2 certified services?

Yes, Guardian is covered under ABT's SOC 2 Type 2 certification with security controls audited annually.

How does Guardian integrate with existing security tools?

Guardian leverages Microsoft Defender, Entra ID, Intune, and Purview signals, correlating their outputs into unified findings.

What industries benefit from Intelligence Sovereignty?

While ABT has deep expertise in financial services, Intelligence Sovereignty applies to any organization using Microsoft 365 with sensitive data.

How many organizations does ABT serve?

ABT currently serves over 750 organizations as active subscribers. Founded in 1999, ABT has worked with thousands of organizations.

What is AI Governance Sovereignty?

AI Governance Sovereignty is the fourth pillar of IT Sovereignty, ensuring that AI tools like Microsoft Copilot operate within defined security boundaries. It means controlling what AI can access, what it can do, and maintaining audit evidence of every interaction.

Why is ungoverned Copilot a security risk?

Default Microsoft 365 permissions allow Copilot to index everything users can access, including overshared files. Without governance, Copilot can expose executive compensation, M&A strategy, PII, and other sensitive data to any user who asks.

How does Guardian protect against AI data leakage?

Guardian enforces Zero Trust scope on AI interactions. Sensitive data is restricted by security group membership (RBAC), and Purview Sensitive Info Types automatically redact PII like Tax IDs before AI can surface them.

Can Copilot execute unauthorized transactions?

Without governance, AI agents can potentially initiate actions like wire transfers. Guardian blocks high-stakes actions and routes them through dual-control approval workflows using Azure Logic Apps.

How does Guardian handle confidential board documents?

Guardian uses Search Exclusion Rules to remove confidential files from Copilot's index entirely. Even if a user asks about board minutes or M&A targets, the AI cannot access or summarize restricted content.

What is Endpoint DLP and why does it matter for AI?

Endpoint DLP detects when users paste sensitive content like database credentials or API keys into AI chat. Guardian blocks this exfiltration attempt before secrets reach external models.

SOVEREIGN PULSE

MANDATE SEC CYBER-SECURITY DISCLOSURE REQUIREMENTS ACTIVE

INTEL GPT-5 READINESS: PURVIEW CONFIGURATION REQUIRED

RISK TOKEN THEFT ATTEMPTS INCREASE 400% IN FINANCIAL SECTOR

UPDATE HIPAA/PHI DATA BOUNDARIES ENFORCED VIA PURVIEW DSPM

BATTLE-TESTED 750+ MORTGAGE LENDERS PROTECTED BY GUARDIAN

MANDATE SEC CYBER-SECURITY DISCLOSURE REQUIREMENTS ACTIVE

INTEL GPT-5 READINESS: PURVIEW CONFIGURATION REQUIRED

RISK TOKEN THEFT ATTEMPTS INCREASE 400% IN FINANCIAL SECTOR

UPDATE HIPAA/PHI DATA BOUNDARIES ENFORCED VIA PURVIEW DSPM

BATTLE-TESTED 750+ MORTGAGE LENDERS PROTECTED BY GUARDIAN

OFFICIAL TIER 1 DIRECT PARTNER | VALIDATE YOUR TENANT AGAINST THE SOVEREIGN STANDARD

Your AI Future Depends on
IT Sovereignty.

Information Technology Sovereignty: Total institutional control over infrastructure, identity, data, integrations, intelligence, and AI governance.

Secure Microsoft 365 Infrastructure and Licensing.

Stop building the future on broken plumbing. We go beyond co-managed IT, acting as the specialized architect for your internal teams. Leveraging our status as a Microsoft Tier 1 Direct Partner, we consolidate licensing and harden security for the institutions we actively serve, creating the sovereign foundation required for trusted AI.

BUILD YOUR AI FOUNDATION

CO-MANAGED INSTITUTIONAL IT • MICROSOFT CLOUD SECURITY SYSTEM INTEGRATIONS • TRUSTED AI GOVERNANCE

AI READINESS PROTOCOL

INITIALIZING...

SECURE INSTITUTIONAL ECOSYSTEM

Windows

M365

Azure

Copilot

Infrastructure SCRAMBLING... System Connectivity SCRAMBLING... Intelligence SCRAMBLING... Governance SCRAMBLING...

The Four Pillars of IT Sovereignty

Infrastructure Sovereignty Tier 1 Microsoft licensing plus a hardened baseline so your environment is secure before you scale.

Connectivity Sovereignty Secure data flow between your core systems and the Microsoft Cloud without manual re-entry.

Intelligence Sovereignty Live operational and security visibility to find friction before it becomes cost.

Governance Sovereignty Audit trails, boundaries, and controls so Copilot can be deployed without oversharing risk.

IT Sovereignty: The Foundation for Trusted AI

IT Sovereignty represents total institutional control over infrastructure, identity, data, integrations, intelligence, and AI governance. For any organization preparing for AI adoption, establishing IT sovereignty is the prerequisite for deploying tools like Microsoft Copilot without exposing sensitive data or violating compliance requirements. ABT has proven this approach in financial services - mortgage lenders, banks, and credit unions - one of the most complex and regulated environments, making these battle-tested solutions applicable to organizations across all industries.

Why IT Sovereignty Matters Now

Organizations face unprecedented pressure to adopt AI for competitive advantage while maintaining regulatory compliance and data protection. The challenge: most organizations built their Microsoft 365 environments without anticipating AI. Legacy configurations, overshared permissions, and ungoverned data create immediate risk when AI tools gain access. ABT's IT Sovereignty framework addresses these challenges through four interconnected pillars developed in demanding financial services environments and applicable to any organization handling sensitive information.

The Four Pillars of IT Sovereignty

Infrastructure Sovereignty

As a Microsoft Tier 1 Cloud Solution Provider, ABT delivers pre-hardened Microsoft 365 environments with consolidated licensing, Zero Trust architecture, and security baselines aligned with your compliance requirements - whether FFIEC for financial services, HIPAA for healthcare, or other industry frameworks. Infrastructure sovereignty ensures your environment is secure before you scale.

Connectivity Sovereignty

ABT provides sophisticated system integration capabilities across industries. MortgageExchange exemplifies this expertise - connecting loan origination systems like Encompass, core banking platforms including Fiserv DNA and Jack Henry, and servicing systems for major financial institutions. This same integration discipline applies to any environment requiring secure, validated data flow between critical business systems.

Intelligence Sovereignty

Real-time visibility into operational efficiency, security posture, and productivity metrics. Intelligence sovereignty enables proactive identification of friction points before they become costs, with dashboards tailored to your specific operational needs and leadership reporting requirements.

Governance Sovereignty

Microsoft Purview-based data classification, sensitivity labels, and access controls ensure AI tools like Copilot only access appropriate information. Governance sovereignty includes audit trails, permission boundaries, and AI interaction logging required for regulatory compliance across industries.

Trust and Credentials

ABT currently serves over 750 organizations as active subscribers, with deep expertise in financial services - our most complex and demanding client base. Founded in 1999, ABT has worked with thousands of organizations across multiple industries. As a SOC 2 Type 2 certified organization and Microsoft Tier 1 Direct Partner, ABT combines rigorous security standards with enterprise-grade Microsoft capabilities. The Guardian managed services platform delivers continuous protection while MortgageExchange exemplifies ABT's integration excellence.

Capabilities

Co-managed institutional IT services
Microsoft 365 cloud security and hardening
System integration and connectivity across industries
Trusted AI governance and Copilot readiness
Windows, Microsoft 365, Azure, and Copilot expertise
Zero Trust architecture implementation
Compliance alignment (FFIEC, HIPAA, SOC 2, ISO 27001, and more)
Real-time security monitoring and threat defense

SECTOR 1|INFRASTRUCTURE SOVEREIGNTY

1 of 4

GUARDIAN SECURITY BASELINE

The Hardened
Tenant Protocol.

Microsoft 365 defaults leave critical gaps. Over 10,000 security settings remain unconfigured—exposing your organization to password spray, phishing, and ransomware. We engineer the Sovereign Perimeter: four pillars of Zero Trust protection achieving 90%+ Secure Score.

✓ Guardian Security Baseline included when you purchase Microsoft 365 licensing through ABT

The Sovereign Perimeter

Four Pillars of Zero Trust

Identity

Entra ID • Verify Explicitly

CONFIGURE

👔 Executive View

Every Login Verified.

Password spray and phishing blocked by phishing-resistant MFA. Entra ID configured with Zero Trust baselines.

⚙️ Guardian Configures

Phishing-resistant MFA (FIDO2)
Block legacy authentication
Privileged Identity Management
Password spray protection

Access Control

Conditional Access • Never Trust

ENFORCE

👔 Executive View

Only Trusted Conditions.

Evaluates identity, device, location, and risk. Impossible travel? Blocked. MFA fatigue attacks? Prevented with number matching.

⚙️ Guardian Configures

Require compliant devices
Risk-based challenges
Location restrictions
MFA fatigue prevention

Devices

Intune + Defender • Your Devices Only

COMPLY

👔 Executive View

Only YOUR Devices.

Personal laptops blocked. Only organization-enrolled, compliant devices get access to company data.

⚙️ Guardian Configures

Intune enrollment required
Block unmanaged devices
BitLocker encryption required
Defender for Business deployment

Data

Purview DLP • Least Privilege

PROTECT

👔 Executive View

Control What Leaves.

DLP stops exfiltration. Bulk downloads flagged. Sensitivity labels auto-encrypt confidential files.

⚙️ Guardian Configures

Purview DLP policies
Bulk exfiltration detection
Sensitivity labels
Audit logging enabled

GUARDIAN THREAT INSIGHTS

Attack: — Target: — MONITORING

Your Sovereign Perimeter

HARDENING

Active Protections

Watch Guardian defend

Phishing-Proof Login

ACTIVE

Smart Access Rules

ACTIVE

Modern Auth Only

ACTIVE

Managed Devices

ACTIVE

Verified Push

ACTIVE

Location Check

ACTIVE

Data Loss Prevention

ACTIVE

Brute Force Block

ACTIVE

Threats blocked0/8

Guardian Protection

Your Microsoft 365 environment protected by Zero Trust security across four critical pillars.

Identity Protection

Every Login Verified

Blocks password attacks with phishing-resistant MFA using Entra ID and FIDO2 security keys.

Phishing-Proof Login

Requires physical security keys (FIDO2, Passkeys)

Smart Access Rules

Blocks suspicious logins based on behavior

Brute Force Block

Auto-locks after failed attempts

Access Control

Smart Access Decisions

Evaluates identity, device, location, and risk for every login with Conditional Access.

Modern Auth Only

Old protocols (IMAP/POP3) disabled

Verified Push

Requires code match, stops accidental approvals

Location Check

Blocks impossible travel logins

Device Compliance

Only YOUR Devices

Personal laptops blocked. Only organization-enrolled devices through Intune allowed.

Managed Devices Only

Intune enrollment required

Data Protection

Control What Leaves

Stops bulk downloads and unauthorized file transfers with Purview DLP.

Data Loss Prevention

Flags unusual download activity

Attacks Blocked

Password Spray Phishing Legacy Auth MFA Fatigue Impossible Travel Data Exfiltration Brute Force

SOC 2 Type 2 Certified · 750+ institutions since 2001

GET YOUR TENANT GRADE

ABT GUARDIAN HARDENING BASELINE

Zero Trust configuration of 10,000+ security settings. Included with Microsoft 365 licensing through ABT. Trusted by 750+ financial institutions since 2001.

TIER 1 MICROSOFT CSPSOLUTIONS PARTNER

ABT Guardian - Microsoft 365 Zero Trust Tenant Hardening

ABT Guardian is a comprehensive Microsoft 365 security hardening solution that replaces weak Microsoft defaults with Zero Trust baselines. Guardian configures over 10,000 security settings across identity, access control, devices, and data protection to achieve 90%+ Microsoft Secure Score. Trusted by 750+ financial institutions since 2001, ABT is a Tier 1 Microsoft Cloud Solution Provider with SOC 2 Type 2 certification.

The Four Pillars of Zero Trust Protection

Identity Protection: Every login verified with phishing-resistant MFA using Entra ID, FIDO2 security keys, and Privileged Identity Management. Blocks password spray attacks and credential theft.

Access Control: Smart access decisions using Conditional Access policies. Evaluates identity, device health, location, and risk signals for every login. Prevents MFA fatigue attacks with number matching and blocks impossible travel scenarios.

Device Compliance: Only organization-enrolled, compliant devices access company data. Enforced through Microsoft Intune with BitLocker encryption, Defender for Business, and compliance policies. Personal laptops and unmanaged devices blocked.

Data Protection: Controls what leaves your organization using Microsoft Purview DLP. Detects bulk exfiltration attempts, enforces sensitivity labels, auto-encrypts confidential files, and maintains comprehensive audit logging.

SECTOR 2 | CONNECTIVITY SOVEREIGNTY

Interfaces by ABT Risk Control

2 of 4

LIVE EXAMPLE: HOW ABT CONTROLS COMPLEX HANDOFFS

UPLINK ACTIVE

Integrity controlsBefore core and AI consume

Required fields

Required FieldsValidates that all mandatory loan data fields are present before handoff.

Format checks

Format ChecksValidates data formats to prevent malformed data errors.

Schema mapping

Schema MappingTransforms field names between different system formats.

Exception pathOperational control

Exception queue

Exception QueueFailed validations are held for review rather than dropped.

Audit trace

Audit TraceComplete history for compliance reviews.

Reconciliation ready

Reconciliation ReadySupports end-of-day reconciliation between systems.

ICE Mortgage Technology | Encompass

RISK CONTROLKeeps LOS changes aligned to reduce re-entry drift before downstream handoffs.> PROTOCOL: Encompass Developer Connect API.

Mortgage Cadence | MCP

RISK CONTROLNormalizes origination events so downstream systems receive consistent payloads.> PROTOCOL: secured integration contract.

Calyx | Path

RISK CONTROLReduces duplicate entry and keeps key attributes consistent across handoffs.> PROTOCOL: API or export bridge.

PRODUCTION
SOURCES

VALIDATION GATE

VALIDATION GATEA Mortgage Exchange control point. Applies handoff rules before data lands downstream.> CONTROLS: required fields, format validation, exception routing.

Fiserv | DNA

RISK CONTROLValidated payloads reduce posting defects and reconciliation exceptions.> PROTOCOL: secure gateway plus API contract.

Cenlar | New Loan Boarding

RISK CONTROLCleaner boarding handoffs reduce servicing exceptions and support churn.> PROTOCOL: validated boarding payloads.

Data Warehouse | Power BI

RISK CONTROLA single source of truth supports reporting, oversight, and grounded AI.> PROTOCOL: Azure SQL or Snowflake plus Power BI.

CONNECTED
ECOSYSTEM

Supported systems manifest →

Validation Gate - Mortgage Exchange

Control the handoffs

Validation gate + exception path + audit trace. Keeps downstream systems clean.

View supported systems

Reduce Re-entry Risk.
Control the handoffs.

When systems are not connected, teams compensate with manual re-entry. That creates drift, defects, and downstream exceptions.

RISK REMOVEDFrom re-entry

Hand keyed re-entry
Mismatched fields and drift
Posting and reconciliation defects
Boarding and servicing exceptions
Audit and complaint exposure

CALCULATE RISK-REDUCTION ROI

LOS ICE Mortgage Technology | Encompass

LOS Mortgage Cadence | MCP

LOS Calyx | Path

CORE Fiserv | DNA

CORE Jack Henry | Symitar Episys

SERV Cenlar | New Loan Boarding

SERV Dovenmuehle | DMI Loan Servicing

DOCS FIS | FCM

WIRE Alacriti | Alacriti Wire

LOS ICE Mortgage Technology | Encompass

LOS Mortgage Cadence | MCP

LOS Calyx | Path

CORE Fiserv | DNA

CORE Jack Henry | Symitar Episys

SERV Cenlar | New Loan Boarding

SERV Dovenmuehle | DMI Loan Servicing

DOCS FIS | FCM

WIRE Alacriti | Alacriti Wire

CRM Salesforce

CRM HubSpot

CRM Jungo

CRM Total Expert

DATA Data Warehouse | Power BI

DATA Advantage Systems | AMB

DOCS Microsoft | SharePoint Online

AI Microsoft | Copilot Studio

CRM Salesforce

CRM HubSpot

CRM Jungo

CRM Total Expert

DATA Data Warehouse | Power BI

DATA Advantage Systems | AMB

DOCS Microsoft | SharePoint Online

AI Microsoft | Copilot Studio

Supported systems manifest Mortgage Exchange by ABT Common systems shown. Click to expand View

Origination systems

Core systems

Servicing, documents, wires

CRM, data, accounting, AI and BI

Mortgage Exchange by ABT is a 100% cloud-based real-time integration platform hosted in Microsoft Azure. It connects loan origination systems like Encompass, MCP, Calyx, and Empower to core banking systems like Fiserv DNA and Jack Henry Symitar, servicing platforms like Cenlar and Dovenmuehle, CRM systems like Salesforce and HubSpot, and data systems including Azure SQL, Snowflake, Power BI, and Microsoft Copilot Studio. The platform features validation gates with required field checks, format validation, and schema mapping to ensure data integrity across system handoffs. Exception handling includes audit traces and reconciliation support. ABT supports over 40 mortgage technology systems to reduce manual re-entry risk and control data handoffs. Customers typically see 35% or more improvement in processing efficiency with the same staff. Flat monthly fee with no per-loan charges. ABT manages the interface so no dedicated IT staff is required. ABT also builds custom interfaces between any business systems beyond MortgageExchange. Once systems are integrated, AI tools like Copilot can query loan data with row-level security enforced through Entra ID authentication. ABT is SOC 2 Type 2 certified and has served 750+ mortgage companies, banks, and credit unions since 2001.

MORTGAGE EXCHANGE BY ABT A real-time integration platform connecting loan origination, core banking, servicing, and data systems. Supports: Encompass, MCP, Calyx, Fiserv DNA, Symitar, Cenlar, Power BI, and 40+ systems.

SECTOR 3 | INTELLIGENCE SOVEREIGNTY

GUARDIAN INSIGHTS EXECUTIVE REPORTING

3 OF 4

LIVE OPERATIONAL CONSOLE

Actionable Intel.
Surfacing the Unseen.

Guardian^™ eliminates the blind spots. We analyze over 1,200 unique telemetry points—from Identity Risk to Process Velocity—ensuring your institutional pulse is strong, compliant, and fully auditable.

This console mirrors the 12-point Guardian Security Insights report—so every "signal" below maps to a real, repeatable finding your team can review and remediate. View Guardian Insights

INITIALIZE INSTITUTIONAL AUDIT

SECURITY

WHAT YOU'RE SEEING Identity + device risk surfaced into report-ready findings (MFA gaps, policy exclusions, stale accounts, admin exposure). Mapped to your Guardian Insights report. Open the report view.

PRODUCTIVITY

WHAT YOU'RE SEEING License and workflow inefficiency translated into recoverable spend + operational throughput. Guardian Insights connects usage telemetry to savings. See how.

AI GOV

WHAT YOU'RE SEEING Audit readiness for AI: what was asked, what was returned, and what was blocked or redacted—so compliance can sign off. Modeled as "Accepted Risks → Evidence." Learn more.

STATUS: MONITORING // HOVER TO INSPECT

THREAT HUNTING Initializing scan...

CORRELATION LAYER Guardian correlates identity, device, and policy signals into the exact categories your report tracks—so leadership sees findings, not noise.

EXECUTIVE INTEL Correlating Identity, Endpoint, and Cloud signals to predict breaches. GUARDIAN INSIGHTS → TURN THIS INTO AN EXECUTIVE SUMMARY

PRIMARY_KPI INTEGRITY GRADE — ANALYZING...

SECONDARY_KPI MOMENTUM PULSE — SYNCING...

GUARDIAN INSIGHT

—

LIVE_TELEMETRY_STREAM

GUARDIAN INSIGHT

MODE: SECURITY

Intelligence Sovereignty Overview

Security Monitoring Identity and device risk surfaced into report-ready findings: MFA gaps, policy exclusions, stale accounts, and admin exposure mapped to Guardian Insights reports.

Productivity Analytics License and workflow inefficiency translated into recoverable spend and operational throughput with evidence-backed savings calculations.

AI Governance Audit readiness for AI deployments: prompt logging, policy flags, redaction events, and compliance evidence so leadership can sign off with confidence.

Guardian Insights Reports All signals correlate to the 12-point Guardian Security Insights report format—findings, not noise—so your team can review and remediate systematically.

Intelligence Sovereignty: Operational Visibility and Security Insights

Intelligence Sovereignty represents the third pillar of IT Sovereignty, delivering real-time operational visibility across security posture, productivity metrics, and compliance evidence. For organizations preparing for AI adoption or seeking to optimize their Microsoft 365 investments, Intelligence Sovereignty transforms raw telemetry into actionable findings that leadership can understand and act upon.

Guardian Security Insights Platform

The Guardian platform analyzes over 1,200 unique telemetry points from across your Microsoft 365 environment. Rather than generating endless alerts, Guardian correlates signals from identity systems, device management, security controls, and application usage to surface the findings that actually matter. The output follows a consistent pattern: Detect what is wrong, Quantify how bad it is, and Act with specific remediation steps.

Security Monitoring Capabilities

Security monitoring within Guardian tracks identity defense metrics including MFA saturation, policy exclusion drift, and privileged role exposure. Account hygiene analysis identifies stale users and dormant access patterns that expand attack surface. Device trust monitoring covers endpoint compliance, operating system health, and Microsoft Defender coverage gaps. Each finding maps to the 12-point Guardian Security Insights report format with quantified risk and remediation guidance.

Productivity Analytics

Beyond security, Guardian delivers productivity intelligence by correlating license assignments with actual usage patterns. The platform identifies recoverable spend from unused or underutilized licenses, calculates specific dollar amounts, and routes reclaim workflows to appropriate owners. Workflow velocity analysis measures friction tax, the productivity drag from manual re-entry, context switching, and process bottlenecks, translating operational inefficiency into quantified hours lost.

AI Governance and Compliance

For organizations deploying AI tools like Microsoft Copilot, Guardian provides the AI Ledger, an immutable governance log tracking prompts, responses, redactions, and policy enforcement events. This creates audit readiness: compliance teams can verify that AI usage stays within boundaries because there is evidence of appropriate controls. Policy flags highlight governance events requiring review, while data boundary monitoring ensures AI only accesses information users are authorized to see.

Trust and Credentials

ABT Guardian platform is covered under SOC 2 Type 2 certification, with security controls audited annually. Founded in 1999, ABT currently serves over 750 organizations as active subscribers, with particular depth in financial services where compliance requirements are most demanding. As a Microsoft Tier 1 Direct Partner, ABT combines deep industry expertise with enterprise-grade Microsoft security capabilities.

SECTOR 4 | GOVERNANCE SOVEREIGNTY

AI GOVERNANCE COPILOT SECURITY

4 OF 4

UNGOVERNED COPILOT AGENT STATUS: LIABILITY_EXPOSURE

AGENT: SHADOW_LLM_v4 [UNVERIFIED]

GOVERNED COPILOT AGENT STATUS: AUDIT_LEDGER_ACTIVE

AGENT: TRUSTED_CORP_AGENT [VERIFIED]

LIVE AI SIMULATION

Real-Time AI Fortification.

Watch the difference between Default Microsoft 365 and a Guardian Hardened Environment. See how Guardian intercepts, analyzes, and sanitizes every Copilot interaction in real-time.

INITIALIZE AI READINESS SCAN

AI Governance Simulation

Ungoverned Copilot Default permissions allow Copilot to access anything users can see - executive compensation, M&A strategy, PII, and credentials can all be exposed.

Governed Copilot Guardian-hardened with Zero Trust scope. Sensitive data is redacted, high-stakes actions require approval, every interaction is logged.

AI Governance Sovereignty: Real-Time Copilot Fortification

AI Governance Sovereignty represents the fourth pillar of IT Sovereignty, addressing the critical need to control how AI tools like Microsoft Copilot access and process organizational data. Without proper governance, AI assistants can expose sensitive information, execute unauthorized actions, and create compliance violations that put organizations at risk.

The Ungoverned Copilot Risk

Default Microsoft 365 configurations allow Copilot to index and retrieve anything users can access. This includes overshared files, executive compensation data, M&A strategy documents, customer PII, and confidential board materials. A simple prompt like "show me the CEO's bonus structure" can expose sensitive salary information if the user has inherited permissions they shouldn't have. Ungoverned Copilot creates what ABT calls "liability exposure" - the AI becomes an amplifier for permission sprawl and data oversharing problems that already exist in most organizations.

Guardian AI Governance Capabilities

The Guardian platform transforms Copilot from a liability into a governed asset. Zero Trust scope enforcement restricts AI access based on security group membership through Entra ID integration. Purview Sensitive Info Types automatically detect and redact PII like Tax IDs, Social Security numbers, and account numbers before AI can surface them in responses. Search Exclusion Rules remove confidential content from Copilot's index entirely, ensuring AI cannot access restricted documents regardless of user permissions.

Dual-Control for High-Stakes Actions

Guardian prevents AI from executing unauthorized transactions or high-stakes actions. When Copilot attempts to initiate something like a wire transfer or system change, Guardian blocks the action and routes it through an approval workflow built on Azure Logic Apps. This dual-control pattern ensures human oversight for consequential AI-driven actions.

Endpoint DLP and Shadow AI Prevention

Endpoint Data Loss Prevention detects when users paste sensitive content into AI chat interfaces. Database credentials, API keys, connection strings, and other secrets are blocked before they can be exfiltrated to external AI models. Guardian's network controls also block access to unsanctioned AI endpoints like ChatGPT and Claude, preventing shadow AI usage while allowing governed Copilot access.

Immutable Audit Ledger

Every AI interaction is logged to an immutable audit ledger with complete context: timestamps, user identity, prompts submitted, responses generated, and any blocks or redactions applied. This creates the compliance evidence regulators and auditors require. Organizations can demonstrate that AI usage stays within policy boundaries because there is documented proof of enforcement.

Compliance Framework Alignment

Guardian helps financial institutions meet GLBA requirements for customer data protection, SOC 2 controls for access management, and emerging AI governance requirements from regulators like the OCC and FFIEC. For organizations preparing for AI deployment or already using Copilot, Guardian provides the governance layer that turns AI from a compliance risk into an auditable, controlled capability.

Trust and Credentials

ABT Guardian AI Governance is covered under SOC 2 Type 2 certification, with security controls audited annually. Founded in 1999, ABT serves over 750 organizations as a Microsoft Tier 1 Cloud Solution Provider. Guardian leverages existing Microsoft 365 security infrastructure including Entra ID, Purview, and Defender, enabling rapid implementation within weeks rather than months.

Initialize Deployment

Select Your Authorization Path.

01. Tenant Grade

Request a security baseline hardening evaluation.

02. Automation ROI

Quantify ROI from integrations and automation.

03. AI Readiness

Identify oversharing risk before deploying Copilot.

UPLINK_STATUS: STANDBY MODE: INFRASTRUCTURE AUDIT

> UPLINK ESTABLISHED. DEPLOYMENT CONFIRMED.

Your briefing has been routed to the Decision Desk. A Solutions Architect has been assigned and will contact you shortly.

Your AI Future Depends onIT Sovereignty.

The Four Pillars of IT Sovereignty

The HardenedTenant Protocol.

Four Pillars of Zero Trust

Identity

Every Login Verified.

Access Control

Only Trusted Conditions.

Devices

Only YOUR Devices.

Data

Control What Leaves.

Active Protections

Guardian Protection

Attacks Blocked

Control the handoffs

Reduce Re-entry Risk. Control the handoffs.

Actionable Intel.Surfacing the Unseen.

Intelligence Sovereignty Overview

Real-Time AI Fortification.

AI Governance Simulation

Select Your Authorization Path.

Your AI Future Depends on
IT Sovereignty.

The Hardened
Tenant Protocol.

Reduce Re-entry Risk.
Control the handoffs.

Actionable Intel.
Surfacing the Unseen.