Commvault has announced an expanded integration with Microsoft Security, designed to bridge the gap between threat detection and trusted data recovery. The integration brings together Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps) and accelerate incident response.
The enhanced integration enables organizations to move more efficiently from threat identification to validation and clean data restoration, leveraging real-time insights and AI-driven intelligence.
Strengthening Coordination Between Security and Recovery Teams
With this integration, security alerts generated within Commvault Cloud are ingested into Microsoft Sentinel’s data lake. This allows security operations center (SOC) teams to enrich incidents with contextual intelligence, assess impact, and validate scope more effectively. In upcoming phases, these insights are expected to power automated, policy-driven recovery workflows, reducing response time and improving operational efficiency.
Key Capabilities
- Modernized Microsoft Sentinel Connector: Streams real-time alerts from Commvault Cloud Threat Scan and Risk Analysis, including malware detections, backup anomalies, and sensitive data exposure. This enhances visibility into backup-related risks and enables earlier detection of ransomware patterns within existing SOC workflows.
- Investigation Agent in Security Copilot: Purpose-built for cyber recovery investigations, the agent autonomously analyzes suspicious activity using Commvault’s recovery-layer intelligence. It identifies impacted systems, detects anomalous encryption patterns, and validates clean restore points. By correlating findings with broader Microsoft security signals, it helps reduce manual intervention and accelerates mean time to clean recovery (MTCR).
“This isn’t just an integration – it’s a blueprint for the future of agentic ResOps,” said Michelle Graff, SVP, Global Channels and Partnerships at Commvault. “As attacks continue to evolve, siloed approaches don’t work. Seconds matter. By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency.”
“In today’s threat landscape, the need to connect AI-enabled intelligence with automated recovery has never been greater,” said Krishna Kumar Parthasarathy, CVP Sentinel Platform, Microsoft Security. “The combination of Microsoft’s Security Copilot, Microsoft Sentinel, and Commvault’s Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps.”
Availability
The updated Microsoft Sentinel connector and the Investigation Agent in Microsoft Security Copilot are currently in early access, with general availability expected by summer 2026.