Rentals
Shop Online
  • SOLUTION 10. SECURITY

Defended in depth. Proven on paper .

Braintree is your security operations partner. We harden your Microsoft environment, monitor it around the clock, and produce the POPIA evidence your board asks for.
Book a security review
Take the posture assessment
SA clients
0 +
Microsoft-
certified
0 +
Microsoft
Managed
Partners
0 in SA
Detection and
response
0 /7
security img1 | Braintree
  • The wedge most security vendors cannot claim.

We run your defence. We do not resell tools.

Most security vendors hand you another agent, another console and another licence to manage. Braintree runs managed detection and response on the Microsoft Defender and Sentinel signals already inside your tenant. We tune the detections, watch them around the clock, and answer when something fires. No tool sprawl. A posture that is held, not sold.
Managed detection and response, on your existing Microsoft tenant.
security img2 | Braintree
  • The Microsoft security stack

The Microsoft security stack. Five products. One defended posture.

Microsoft Sentinel

Cloud-native SIEM and SOAR. The signal layer your security operations centre runs on, correlating every alert across the estate, around the clock.

Microsoft Defender

Defender for Endpoint, Cloud, Office 365 and Identity. Configured, tuned, and watched. Signal, not noise.

Microsoft Entra ID

Conditional access, multi-factor enforcement, privileged identity management and scheduled access reviews.

Microsoft Purview

Data classification, sensitivity labels, data loss prevention, and the POPIA evidence file.

Microsoft Secure Score

The one posture number your board can track. Baselined, moved, and held at international best practice.

  • Defence in depth.

Five attack surfaces. One operations centre watching

Attackers do not pick one door. Braintree’s security operations centre watches all five, on the Microsoft signals already inside your tenant, and feeds every one into Microsoft Sentinel. Detection is tuned. Response has a clock.
Surface 01

Identity

Microsoft Entra ID

Conditional access, multi-factor enforcement and privileged identity management. The most attacked surface, closed first.

Access reviews

Scheduled reviews of admin roles and standing access. Stale privilege is removed before it is abused.

Surface 02

Endpoint

Microsoft Defender for Endpoint

Attack-surface reduction rules, device compliance through Intune, and behavioural detection on every managed device.

Ransomware recovery

Immutable backups and tested restores. A measured time to recover, not a hope

Surface 03

Email and apps

Microsoft Defender for Office 365

Phishing, malware and malicious-link protection across Exchange, Teams and SharePoint.

Safe Links and Safe Attachments

Every link and file checked at the moment of click. The surface most breaches start on, closed.

Surface 04

Data

Microsoft Purview

Sensitivity labels, data loss prevention and retention policy. The controls a POPIA evidence file is built from.

POPIA evidence file

Documented controls, kept current. Audit-ready on demand, not reconstructed after a request lands.

Surface 05

Cloud

Microsoft Defender for Cloud

Cloud security posture management across your Azure estate. Misconfiguration found before an attacker finds it.

Workload protection

Servers, containers and databases monitored for threats, on the Azure regions inside South Africa.

The operations layer

Braintree Security Operations Centre

Every signal above flows into Microsoft Sentinel and into a security operations centre staffed around the clock. SA-based analysts, tuned detections, documented response playbooks, and a monthly posture report written for the board. Detection without an operations centre behind it is just a louder alarm.
  • How we run it

Security is a posture you hold. Not a project you finish.

Four disciplines, run as one continuous loop. Assess sets the baseline. Harden moves the Secure Score. Monitor never sleeps. Respond has a clock. Then the loop begins again.

Assess

Microsoft Secure Score baseline, a POPIA gap analysis and an attack-surface review. You get a written posture report and a prioritised hardening plan.

Harden

Defender configuration, conditional access, MFA enforcement, data classification and immutable backups. The Secure Score moves. The evidence file starts.

Monitor

A security operations centre on Microsoft Sentinel and Defender signals, around the clock, with tuned thresholds. Signal reaches the responders. Noise does not.

Respond

An SA-based incident response team, documented playbooks and preserved evidence. A defined clock on containment, eradication and recovery.

Braintree does not hand you a dashboard and call it defence. We hold the posture, every day after.
  • Two paths. One defended posture.

Standalone service, or bundled under one agreement.

Security does not always sit with the same partner as productivity or cloud. Run Braintree managed security as a standalone service on your existing Microsoft tenant, or fold it into the One Agreement alongside Azure and Microsoft 365. Same operations centre. Same posture. Your commercial model decides.
Best when security is procured on its own, or another partner holds your Microsoft estate.

Standalone managed security

  • Runs on your existing Microsoft tenant. No migration required.
  • Its own scope, its own SLA, its own invoice.
  • No disruption to your current Microsoft partner.
  • A dedicated operations centre and SA-based incident response.
Best when Braintree already runs your Azure or Microsoft 365.

Bundled under One Agreement

  • One Microsoft Customer Agreement covering productivity, cloud and security.
  • One SLA, one invoice, one accountable team.
  • Cost efficient when Microsoft spend is already consolidated.
  • Productivity, cloud and posture on a single roadmap.
Book a security review
  • One posture. The commercial case.

One Microsoft Partner. One Intelligent Agreement. One Unified, Secure Solution.

Security bolted on as a separate vendor means a separate contract, a separate SLA, and a gap at every handoff between your productivity partner, your cloud partner and your security tool. Braintree closes the gap. Productivity, cloud and security on one Microsoft Customer Agreement, one operations centre, one accountable team.
A separate security vendor, a separate contract, a gap at every handoff.

Before. Security bolted on.

  • A standalone security tool with its own agent and its own licence
  • A separate contract and a separate renewal cycle
  • Finger-pointing between IT partners when something fires
  • No single team accountable for the Secure Score
  • POPIA evidence scattered across vendors
One Braintree agreement. One operations centre. One posture.

After. One Intelligent Agreement.

  • One Microsoft Customer Agreement across Azure, Microsoft 365 and security
  • One operations centre watching productivity, cloud and posture
  • One team accountable for the Secure Score and the incident clock
  • One quarterly review across the whole Microsoft estate
  • One POPIA evidence file. Current, and audit-ready.
0 %

Microsoft Secure Score, held Efficient Group, a South African financial services firm.
Braintree ran the Microsoft Cybersecurity Assessment,
hardened the estate, and took managed security
operations. International best practice, maintained.

2 regions

Microsoft Azure inside South African borders Azure South Africa North in Joburg, with three Availability Zones, and Azure South Africa West in Cape Town. Your security telemetry and POPIA evidence stay resident.

R10m

POPIA statutory maximum penalty The Information Regulator moved from reactive complaints to proactive monitoring in 2026. The first direct-marketing fine has already landed. Posture is now a board number.

  • vs the alternative

A third-party MSSP, Managed Microsoft Defender, and the practical winner.

Dimension
Third-party MSSP tool
Braintree Managed Defender
Practical winner
WedgeSecurity tooling
A separate agent and console bolted onto your tenant
No new tool. We operate the Microsoft Defender and Sentinel you already own
Braintree
Detection signal
A duplicate SIEM, re-ingesting what Microsoft already sees
Microsoft-native signals, tuned. One source of truth
Braintree
Secure Score and POPIA evidence
The vendor's own risk score, in the vendor's own console
Microsoft Secure Score and Purview. Native, board-ready
Braintree
Data residency for SA
Telemetry often processed and stored offshore
Microsoft Azure Joburg and Cape Town. POPIA-aligned
Braintree
Concierge breadth
A mature concierge model and proprietary playbooks
Microsoft-native playbooks. SA-based responders
MSSP
Cost on a Microsoft estate
A standalone licence on top of your Microsoft spend
Folds into the Microsoft Customer Agreement
Braintree
5 to 1 in Braintree’s favour. A dedicated third-party MSSP wins on concierge breadth and proprietary tooling depth. Honest.
  • Talk to a security specialist

Three security specialists. One direct line. Plus the posture assessment.

The bench you’ll work with

Three security specialists. Matched to your review.

Screenshot 2026 06 01 at 13.52.48 | Braintree

01 Head of Security

Microsoft Certified. Security operations and architecture.

02 Defender and Identity Specialist

Microsoft Certified. Defender suite and Microsoft Entra ID.

03 POPIA and Compliance Lead

Microsoft Purview. Information Regulator evidence file.

We match you to the right specialist when you book the review. Names land in your calendar invite, not on a page you scrolled past.
Match me to a specialist →
  • Free, 8 minutes

How exposed is your Microsoft environment today?

Eight questions. Two minutes. We map your security posture against benchmarks from 220+ SA clients. You get a tier. Strong, Maturing, Exposed, or Critical. Plus the actions that close the gap, and a written response within five business days.
Take the posture assessment
  • Book the review.

From security review to a hardening plan in three steps.

01

Share your environment

Tell us your tenant size, your current Microsoft Secure Score if you know it, and your top concern. Five to ten minutes on your side.

02

5-day scoped response (SLA)

Braintree returns a written security posture assessment. Secure Score baseline, POPIA gap analysis and a prioritised hardening plan. Inside five business days.

03

30-minute findings call

A security specialist walks you through the findings and the hardening plan. A board-ready summary. No sales theatre.
Book the 30-minute security review
  • Common questions, honestly answered.

What CIOs and CISOs ask before they book.

Eight questions we answer in every security review. Pre-empted here so you can scan first.
Where does our security telemetry and POPIA evidence live?
On Microsoft Azure South Africa North in Joburg, with three Availability Zones, or Microsoft Azure South Africa West in Cape Town. POPIA-aligned by default. The Information Regulator’s 2026/27 priorities shifted from reactive complaints to proactive monitoring. The first direct-marketing fine of R100,000 was issued to FT Rams Consulting. The maximum penalty is R10 million or 10 years. A security partner with SA Azure operations keeps your telemetry and your evidence file resident. Braintree can.
Both. Braintree managed security runs as a standalone service on your existing Microsoft tenant, with its own scope, its own SLA and its own invoice. It also folds into the One Agreement alongside Azure and Microsoft 365 when Braintree already runs your Microsoft estate. Your commercial model and your existing partner relationships drive the choice. The operations centre and the posture are the same on either path.
A third-party MSSP layers its own agent, console and concierge service on top of whatever you run. Braintree manages security directly on the Microsoft Defender and Sentinel signals already in your tenant. No duplicate agent, no second SIEM, and the Secure Score and POPIA evidence come from Microsoft’s native tooling. Both deliver around-the-clock managed detection and response. Managed Defender is usually simpler to run and more cost efficient when your Microsoft spend is already consolidated. A dedicated MSSP wins on concierge breadth. Choose the model that fits your architecture.
It means data classification with sensitivity labels, retention and deletion policies, documented access controls, a breach notification workflow that meets Information Regulator timelines, and an evidence file that records each control. Plus data residency on the South African Azure regions by default. The architecture is documented and maintained, not a policy PDF written once and filed.
The operations centre watches around the clock. A Severity 1 incident triggers a responder inside the SLA committed in your scope of work, with an SA-based engineer on the call. Documented playbooks cover containment, eradication, evidence preservation and stakeholder notification. The clock and the playbook are agreed before anything fires, not improvised during it.
Microsoft Secure Score with a trend line, an incident summary with response times, a Defender signal overview, MFA and conditional access coverage, backup and recovery test status, POPIA evidence file updates, and a one-page board summary. It is written for the audit committee, not for the operations centre.
Yes. Standalone managed security runs on your existing Microsoft tenant with a clear scope boundary. Your productivity and infrastructure partners continue their engagements untouched. Braintree takes the security layer with a defined scope of work, a defined SLA, and a documented handover protocol for shared change management.
Three answers. Credentials. Braintree is one of three Microsoft Managed Partners in South Africa, with 220+ SA clients, 100+ Microsoft-certified professionals and 10+ years on Microsoft. Residency. The honest answer to where your telemetry and evidence live comes from a partner with SA Azure operations. Operations. Braintree runs a security operations centre, not just a tool. Detection without an operations centre behind it is just a louder alarm.
  • From the Braintree practice.

Insights for CIOs and CISOs hardening their Microsoft environment.

Posture

Microsoft Secure Score. The one number your board should track.

What Secure Score actually measures, why it beats most third-party risk scores, and how to move it from a low baseline to international best practice inside a year.
  • Article in production

Compliance

POPIA breach reporting. What the Information Regulator expects.

Timelines, evidence and notification steps. And the controls the Regulator expects documented before a breach, not scrambled together after one.
  • Article in production

Managed services

Managed Microsoft Defender or a third-party MSSP. Which fits an SA business?

A positioning-neutral comparison. Where a dedicated MSSP tool wins, where Managed Microsoft Defender wins, and how to choose without the vendor noise.
  • Article in production
  • Where this connects.

Security is one surface of the Microsoft estate we run.

One Braintree agreement. One team. Full Microsoft coverage.

Azure Cloud

The cloud estate your security posture protects. Migration and managed Azure, on the South African regions, POPIA-aligned from day one.

Explore →

Modern Workplace

Microsoft 365 run end to end. The Secure Score on the productivity layer, maintained alongside your security posture.

Explore →

Support & Managed Services

Proactive managed IT under one SLA. Security operations and the service desk on a single accountable team.

Explore →
  • Defended in depth. Proven on paper.

Give your CIO and CISO a posture they can prove.

A 30-minute security review. We baseline your Microsoft Secure Score, find the gaps, and hand you a hardening plan. No pitch deck.
Book a security review
Take the posture assessment