Commvault and Microsoft Unite AI and Cyber Recovery to Strengthen Enterprise Resilience
The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps) and enable real-time data insights, helping organizations move quickly from identifying a threat to validating and restoring clean data faster with greater confidence.
Commvault, a leader in unified resilience at enterprise scale, announced an expanded integration with Microsoft Security to better connect threat detection with trusted recovery. The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps) and enable real-time data insights, helping organizations move quickly from identifying a threat to validating and restoring clean data faster with greater confidence.
This announcement is particularly relevant for enterprises across the UAE and Saudi Arabia, where the cyber threat landscape is intensifying rapidly. Ransomware affiliates targeting GCC countries have increased underground recruitment efforts by 44%, reinforcing the urgency of integrated and automated cyber resilience strategies. At the same time, regulatory frameworks across both markets are evolving rapidly to mandate stronger resilience postures.
In the UAE, the National Cyber Security Strategy (2025–2031) marks a decisive shift from voluntary compliance to mandated resilience, requiring organizations to demonstrate end-to-end capabilities spanning detection, response, and recovery. Similarly, Saudi Arabia’s National Cybersecurity Authority, through Essential Cybersecurity Controls (ECC-2:2024), now requires government entities and critical national infrastructure operators to implement robust incident response and business continuity practices. Together, these developments reflect a broader regional investment in operational cyber resilience and sovereign security readiness, where organizations must not only defend against threats but also prove their ability to recover rapidly and securely.
Against this backdrop, the Commvault and Microsoft integration enables closer alignment between security and recovery teams through coordinated workflows. Security alerts from Commvault Cloud are ingested into Microsoft Sentinel data lake where security operations center (SOC) analysts can enrich these incidents with partner intelligence to access impact and validate scope. In the coming quarters, these insights can drive automated, policy-based recovery workflows to accelerate and orchestrate clean recovery at speed.
As part of this announcement, Commvault is introducing two integrated capabilities that directly bridge the gap between threat detection and trusted recovery. The first is a modernized Microsoft Sentinel Connector, which streams alerts and signals generated from Commvault Cloud Threat Scan and Risk Analysis. It includes malware detections, backup anomalies, and sensitive data exposure into Microsoft Sentinel in real time. This enables security teams to correlate backup-layer intelligence with broader threat signals, improving early detection of ransomware patterns while seamlessly integrating into existing SOC workflows without added complexity.
The second capability is Commvault’s Investigation Agent within Microsoft Security Copilot, purpose-built for cyber recovery investigations. The agent autonomously analyzes suspicious activity and draws on Commvault’s recovery-layer intelligence to determine the full scope of an incident, including impacted hosts, anomalous encryption patterns, and validated restore points. By correlating these insights with broader Microsoft security signals, the solution eliminates manual intervention, accelerates decision-making, and significantly lowers mean time to clean recovery (MTCR). For organizations operating under UAE and Saudi regulatory frameworks, this capability also enhances audit readiness and supports compliance reporting requirements.
“This isn’t just an integration – it’s a blueprint for the future of agentic ResOps. As attacks continue to evolve, siloed approaches don’t work. Seconds matter. By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency.”
– Michelle Graff, SVP, Global Channels and Partnerships, Commvault
“In today’s threat landscape, the need to connect AI-enabled intelligence with automated recovery has never been greater. The combination of Microsoft’s Security Copilot, Microsoft Sentinel, and Commvault’s Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps.”
– Krishna Kumar Parthasarathy, CVP Sentinel Platform, Microsoft Security
Availability
Commvault’s updated Microsoft Sentinel connector and Investigation Agent in Security Copilot are currently in early access with general availability expected this summer.
