Let me try to help you with my experience;
- Ensure that your endpoints talk to Defender. If they are in use on daily bases, are date time stamps changing in Defender?
- When you implement a solution to cover single Security Recommendation, within 1-2 days do you see that numbers of affected devices go lower? So if you have like 100/100 on some ASR rule recommendation, you enable that rule in Intune, do you start seing that 100/100 drops to xx/100?
- Somewhere in dashboards, you can find in Defender the detailed score log, it basically logs what topic or issue when and how affected your score. Try to find that view and see what happends there.