Commvault Connects AI Threat Detection, Investigation, and Trusted Recovery with Microsoft Security

TINTON FALLS, N.J. – March 23, 2026 – Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today announced an expanded integration with Microsoft Security to better connect threat detection with trusted recovery. The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps) and enable real-time data insights, helping organizations move quickly from identifying a threat to validating and restoring clean data faster with greater confidence.

This new integration enables coordinated workflows between security and recovery teams. Security alerts from Commvault Cloud are ingested into Microsoft Sentinel data lake where security operations center (SOC) analysts can enrich these incidents with partner intelligence to access impact and validate scope. In the coming quarters, these insights can drive automated, policy-based recovery workflows to accelerate and orchestrate clean recovery.

As part of this announcement, Commvault is delivering integrated capabilities that bridge the gap between threat detection and trusted recovery.

• Modernized Microsoft Sentinel Connector: Streams alerts and signals generated by Commvault Cloud Threat Scan and Risk Analysis, including malware detections, backup anomalies, and sensitive data exposure, into Microsoft Sentinel in real time. This provides security teams with visibility into backup-related risks alongside broader threat intelligence and helps organizations identify ransomware patterns earlier while incorporating backup telemetry into existing SOC workflows.
• Commvault’s Investigation Agent in Security Copilot: Specifically designed for cyber recovery investigations, Commvault’s Investigation Agent in Microsoft Security Copilot autonomously analyzes suspicious activity and uses Commvault’s recovery-layer intelligence to determine scope including impacted hosts, anomalous encryption patterns, and validated restore points. By correlating these insights with broader Microsoft security signals, it can help eliminate manual coordination between security and backup teams while reducing mean time to clean recovery (MTCR).

“This isn’t just an integration – it’s a blueprint for the future of agentic ResOps,” said Michelle Graff, SVP, Global Channels and Partnerships at Commvault. “As attacks continue to evolve, siloed approaches don’t work. Seconds matter. By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency.”

“In today’s threat landscape, the need to connect AI-enabled intelligence with automated recovery has never been greater,” said Krishna Kumar Parthasarathy, CVP Sentinel Platform, Microsoft Security. “The combination of Microsoft’s Security Copilot, Microsoft Sentinel, and Commvault’s Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps.”

Availability

Commvault’s updated Microsoft Sentinel connector and Investigation Agent in Security Copilot are currently in early access with general availability expected this summer.

About Commvault
Commvault (NASDAQ: CVLT) is a leader in unified resilience at enterprise scale. In a constantly evolving threat landscape, Commvault keeps customers ready by unifying data security, identity resilience, and cyber recovery, on one cloud-native, AI-enabled platform. Customers trust Commvault to conduct the fastest, most complete recoveries – not just their data, but their entire business. Purpose-built for the agentic enterprise, Commvault also enables organizations to safely embrace AI while protecting against AI-driven threats.