OpenText Enhances Detection and Response with AI: Deep Integrations with Microsoft Defender, Entra ID, and Copilot to Reduce Noise and Accelerate Response

Waterloo (Ontario), October 8, 2025. OpenText has announced new capabilities in OpenText™ Core Threat Detection and Response, its AI-powered detection and response solution now deeply integrated with Microsoft Defender for Endpoint, Microsoft Entra ID, and Microsoft Copilot for Security. The company, positioned as a global provider of secure information management for AI, argues that this alliance enables security teams to detect earlier, investigate better, and respond faster, while also reducing alert noise that floods SOCs.

The core idea is clear: adversaries also use AI to move faster and hide better. OpenText’s response involves extending Copilot for Security with behavior-based indicators and identity intelligence derived from a continuous analysis of endpoints and users. The result, according to the company, is more relevant summaries, guided investigations, and actionable recommendations that help analysts go from signal to action with greater confidence.

“With OpenText Core Threat Detection and Response, we simplify security and enhance protection against internal threats and sophisticated attacks that are difficult to detect,” said Muhi Majzoub, EVP of Security Products at OpenText. “Driven by AI and natively integrated with Microsoft security tools, it filters out noise and highlights high-confidence threats—including those often overlooked—allowing teams to respond accurately.”


What the Microsoft integration brings (and why it matters)

The update positions OpenText Core Threat Detection and Response as a cornerstone of the next-generation OpenText Cybersecurity Cloud, linking it to three components many clients already operate:

  • Microsoft Defender for Endpoint: telemetry and signals from the endpoint fleet to enhance behavior-based detection, identify lateral movement, and correlate suspicious activity at the device level.
  • Microsoft Entra ID: identity context (risky sign-ins, privilege abuse, account takeover signals) to cross-reference with what’s happening on devices.
  • Microsoft Copilot for Security: AI assistant that receives enriched indicators and context to deliver summaries, follow-up questions, and guided investigations, along with recommended actions.

The combination of endpoint behavior + identity context + AI assistance aims to address two chronic SOC challenges: alert overload and long investigation times caused by incomplete context. With a dashboard prioritizing high-confidence threats, analysts can filter with less friction and initiate coordinated containment or remediation playbooks.

From Microsoft’s side, Heather Deggans, VP of Americas Software Development Companies at Enterprise Partner Solutions, linked the integration to the need to better leverage existing data: “Collaboration with OpenText adds new capabilities for organizations looking to strengthen their posture against the rising tide of attacks. With integrations with Defender, Entra ID, and Security Copilot, the solution helps to increase efficacy and efficiency against elusive threats and amplify ROI.”


Key use cases clients are demanding

OpenText summarizes the scenarios on which clients are focusing their evaluations and upcoming deployments:

  • Internal threats and data misuse: detection of anomalous access, privilege abuse, and exfiltration patterns, correlating device and identity.
  • Account takeover and identity attacks: correlation of risky sign-ins and endpoint signals to detect credential abuse cases before they escalate.
  • Early ransomware detection and “hands on keyboard”: identifying suspicious encryption behaviors, discovery, and persistence in early phases to act before impact.
  • Noise reduction and triage: prioritizing high-confidence threats with behavior-based indicators so analysts focus on what matters.
  • Guided investigation and automated response: enriched cases with context and playbook activation to accelerate containment and remediation.

The underlying premise in all cases: supporting the analyst with context and automation to save precious minutes in the critical detection and containment window.


Less complexity: AI for preemption and operational unification

The update aligns with a cross-sector concern: excessive complexity. OpenText cites new data from the Ponemon Institute suggesting that 73% of security and IT leaders prioritize simplification to strengthen posture, even as the proliferation of IoT and growth of unstructured data complicate defenses. This is why it emphasizes AI-driven and integrated solutions that prevent (when possible), mitigate compliance risks, and enhance efficiency across cloud, on-premises, and hybrid environments.

OpenText Core Threat Detection and Response is now offered as part of the OpenText Cybersecurity Cloud, promising comprehensive visibility, identity-centric protection, accelerated detection, and coordinated response at enterprise scale.


Practical operation: from “signal” to “action”

While the company does not specify the internal engine, its proposed workflow can be summarized as follows:

  1. Signal ingestion and correlation: from endpoint signals (Defender) and identity signals (Entra ID) using OpenText’s own behavior logic.
  2. Copilot for Security receives enriched indicators and context to produce summaries, hypotheses, and recommended steps (guided investigation).
  3. Prioritization: the dashboard elevates high-confidence threats to the top and reduces the volume of low-quality alerts.
  4. Orchestration: analysts can trigger playbooks for containment/remediation, from device isolation to credential resets and temporary access policies.

This cycle aims to prevent SOCs from getting bogged down in endless investigations or repetitive triages, with AI helping to contextualize and suggest concrete steps.


Availability, fit, and outlook

  • Availability: Core Threat Detection and Response is now available within the OpenText Cybersecurity Cloud.
  • Fit: Designed for clients already using Microsoft Defender for Endpoint, Entra ID, and Copilot for Security, seeking to leverage existing data and add behavior-based detection + identity without introducing another fragmented console.
  • Outlook: To strengthen a unified platform for prevention, detection and response, recovery, investigation, and compliance with real-time contextual threat intelligence.

OpenText clarifies that these are forward-looking statements subject to risks and assumptions; actual results may differ from expectations, as detailed in their filings to regulators.


Implications for three different profiles

Chief Information Security Officer (CISO) at a company with a Microsoft stack

  • Fewer consoles, more context. Integration with Defender/Entra/Copilot allows extracting value from existing investments.
  • Identity risk + endpoint behavior integrated into the same narrative, with action guides within the AI assistant.

SOC Manager overwhelmed by alerts

  • Noise reduction and prioritization of high-confidence threats.
  • Enriched cases to accelerate MTTD/MTTR without sacrificing investigation quality.

Compliance officer

  • Guided investigations and playbooks that leave traceability.
  • Data and action models that can be mapped to audit and risk frameworks.

Context: why “identity + endpoint + AI” is the triad of the moment

  • Identity: attacks on accounts (phishing, token theft, MFA fatigue) are still gaining traction; correlating risky sign-ins with device signals allows raising cases before they turn into major incidents.
  • Endpoint: telemetry from Defender offers a rich substrate to detect anomalous behavior (discovery, execution, persistence, encryption).
  • AI: used as a copilot, not a substitute, it helps to summarize, guide, and suggest remediations, reducing the cognitive load on analysts.

The value lies in integration: each individual component contributes, but it’s the cross-signal analysis that enables early detection and more accurate responses.


Conclusion

OpenText strengthens its investment in AI in cybersecurity with a launch that aligns with the reality of many clients: Microsoft is the foundation of their enterprise security, and the noise in the SOC is unsustainable. Core Threat Detection and Response arrives to connect the dots (endpoint, identity, AI assistance), reduce alert volume, and shorten the gap between signal and action. At a moment when complexity and talent shortage threaten, integration becomes a strategic imperative, and AI moves from promise to concrete aid.


Frequently Asked Questions (FAQ)

What is OpenText Core Threat Detection and Response, and how does it integrate with Microsoft?
It is an AI-powered detection and response solution that now integrates with Microsoft Defender for Endpoint, Microsoft Entra ID, and Microsoft Copilot for Security. It correlates endpoint behavior and identity signals, extending Copilot with context and indicators to deliver summaries, guided investigations, and actions.

Which use cases does this integration best support?
It excels in internal threats and data misuse, account takeover and identity attacks, early ransomware detection, alert noise reduction, and automated response via playbooks.

How does it help reduce alert noise in the SOC?
It prioritizes high-confidence threats with behavior-based indicators and identity context, enabling analysts to focus on what matters and spend less time on repetitive triaging.

Is it already available, and in what environment does it deploy?
Yes. OpenText Core Threat Detection and Response is currently available as part of OpenText Cybersecurity Cloud, supporting cloud, on-premises, and hybrid environments. For more information and a demo, visit OpenText’s cybersecurity portal.

via: opentext
