Coalition email-security scan now live

Verify your clients' controls
before anyone signs

Connect your clients' M365, EDR, and backup stack. Get a carrier-mapped attestation report with timestamped evidence so the renewal questionnaire is backed by proof, not guesswork.

Run the email-security scan
12Controls verified
5Carrier mappings planned
~3 minScan to evidence
100%Timestamped output
The problem

Cyber insurance applications are not the problem. Defensible answers are.

Carrier forms are yes-or-no. The real pain is verifying those answers before someone signs a legally binding attestation.

MSPs burn hours per renewal

Manual evidence gathering across MFA, EDR, backups, and patching creates slow, fragile renewal work.

BindLedger verifies in minutes

We query the actual environment, map findings to carrier questions, and document the evidence trail.

Inaccurate answers create claim risk

Courts are voiding policies and carriers are tightening audits when controls do not match the signed application.

Timestamped proof beats gut feel

The product verifies. The human attests. Every result has a point-in-time record behind it.

Verification engine

Controls carriers actually require

Pulled from Coalition, Travelers, At-Bay, Corvus, and Hartford questionnaires. This is underwriting reality, not a generic framework exercise.

Critical

MFA enforcement

Verify MFA across Per-User, Security Defaults, and Conditional Access, including silent exclusion detection.

via Microsoft Graph API
Live
Critical

EDR coverage

Confirm endpoint protection deployed on all devices and collapse mixed-vendor posture into a single coverage verdict.

via Defender, CrowdStrike, SentinelOne
Live - Defender
Critical

Backup verification

Verify backup frequency, retention, and immutability configuration instead of relying on job-success screenshots.

via Veeam, Datto BCDR
Shipping April
Required

Patch management

Track patch compliance against carrier-specific SLA thresholds so renewal answers reflect actual exposure.

via NinjaOne, Datto RMM
Shipping April
Required

Email security

Verify DMARC, SPF, and DKIM posture for the applicant domain with a Coalition-ready evidence summary.

via DNS + M365 Graph API
Live
Required

Privileged access

Audit admin accounts, role assignments, and access governance against carrier definitions of managed access.

via Entra ID, Azure AD
Live
Workflow

Three steps to defensible attestation

01

Connect the environment

Start with public DNS posture today, then layer in M365, EDR, and backup integrations as the client authorizes access.

02

Run the assessment

BindLedger evaluates the control, flags gaps, and explains what the carrier will care about.

03

Review the carrier mapping

The MVP ships a hardcoded Coalition readout for email security, with the remaining control families queued behind it.

Carrier intelligence

Mapped to the carriers you actually use

Coalition is hardcoded in this MVP. The rest of the carrier surface stays visible so the roadmap is clear.

Coalition

~8 questions · MVP mapping

Live

At-Bay

~20 questions · 14 pages

April

Corvus

~15 questions · 3 pages

April

Travelers

Short-form + supplements

May

Hartford

~8 questions + supplement

April
Connections

Reads from the actual security stack

Not a questionnaire. Not a checklist. Evidence from the systems that determine whether the answer is true.

Microsoft 365 / Entra ID

MFA, Conditional Access, and identity posture

Live

Microsoft Defender

EDR deployment and device inventory

Live

DNS

SPF, DKIM, DMARC posture for public email domains

Live

Veeam Backup

Backup status, immutability, and restore tests

April

Datto RMM + BCDR

Patches, backups, and device inventory

April

NinjaOne

Patch compliance and endpoint inventory

May
Why this matters

The legal cost of inaccurate attestations

Courts are voiding policies. Carriers are suing MSPs. The check box is now a legal statement with a real financial blast radius.

$1,000,000

Travelers v. ICS

Policy rescinded after MFA posture did not match the application.

~$500,000

Ace American v. Congruity 360

Carrier pursued MSP-side recovery tied to alleged control failures.

28,555

NAIC 2024

Cyber claims closed without payment, showing why defensible answers matter.

Pricing

Built for MSP economics

Free
$0

Email-security DNS scan for unlimited domains.

Pro
$249/mo

Carrier mappings, control expansion, evidence ledger, and workflow automation.

Scale
$499/mo

Unlimited tenants, white-label exports, and broker visibility.

Stop guessing. Start proving.

The scan page is live now for public email-security posture.

Open the scan workflow
What's shipping

Changelog

  • Mar 2026LaunchLanding page ported into Next.js App Router
  • Mar 2026ControlEmail security DNS scan for SPF, DKIM, and DMARC
  • Mar 2026CarrierHardcoded Coalition mapping for email-security checks
  • Apr 2026CarrierHartford + At-Bay mappings planned