Commvault Expands Microsoft Security Integration to Accelerate Threat Detection and Recovery
Posted: Tuesday, Mar 24
  • KBI.Media

Commvault has announced an expanded integration with Microsoft Security, connecting threat detection, investigation, and trusted recovery to strengthen enterprise cyber resilience operations.

The integration brings together Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps), enabling organisations to move more quickly from threat identification to clean data recovery.

Bridging detection and recovery workflows

The new capabilities are designed to eliminate traditional silos between security and backup teams by enabling coordinated workflows across platforms.

Security alerts generated by Commvault Cloud are ingested into Microsoft Sentinel, where security operations centre (SOC) teams can analyse and enrich incidents alongside broader threat intelligence.

In future updates, these insights will also drive automated, policy-based recovery workflows to accelerate clean data restoration.

Enhanced visibility and investigation capabilities

As part of the integration, Commvault has introduced a modernised Sentinel connector that streams real-time alerts and signals, including malware detections, backup anomalies, and sensitive data exposure.

This allows organisations to incorporate backup telemetry into SOC workflows and identify ransomware patterns earlier.

Additionally, Commvault’s Investigation Agent within Microsoft Security Copilot enables automated analysis of suspicious activity. The agent leverages recovery-layer intelligence to determine the scope of incidents, including impacted systems and validated restore points.

By correlating this data with Microsoft security signals, the solution helps reduce manual coordination and shorten mean time to clean recovery (MTCR).

Advancing cyber resilience operations

Michelle Graff, SVP of Global Channels and Partnerships at Commvault, said the integration represents a shift toward more automated and collaborative resilience strategies.

“This isn’t just an integration – it’s a blueprint for the future of agentic ResOps. By uniting and automating critical workflows, organisations can significantly reduce the time between detection and recovery.”

Krishna Kumar Parthasarathy, CVP of the Sentinel Platform at Microsoft Security, added that connecting AI-driven intelligence with automated recovery is becoming increasingly critical in today’s threat landscape.

Availability

The updated Microsoft Sentinel connector and Investigation Agent in Security Copilot are currently in early access, with general availability expected later this year.
