On November 4, 2025, Veeam Software announced the launch of a new Veeam App for Microsoft Sentinel. This tool integrates the Veeam Data Platform with Microsoft Sentinel, which is a cloud-based Security Information and Event Management (SIEM) system. The integration brings real-time backup intelligence into Sentinel, allowing organizations to detect and respond to cyber threats targeting their backups more quickly. The new Veeam App for Microsoft Sentinel is available immediately at no extra cost for customers of Veeam Data Platform Advanced and Premium editions and can be accessed via the Microsoft Azure Marketplace and the Microsoft Sentinel Content Hub.
What is Veeam Data Platform
Veeam Data Platform (VDP) is a comprehensive suite of data protection and recovery software from Veeam. It provides a single platform to backup, restore, and manage data across various environments, including on-premises servers, cloud services, virtual machines, and even modern workloads like Software as a Service (SaaS) applications and Kubernetes (an open-source system for managing containers). The platform is designed to ensure that business data remains safe, recoverable, and resilient against disruptions such as hardware failures, accidents, or cyberattacks like ransomware. Veeam Data Platform includes advanced features for data security, monitoring, and automation to help companies meet compliance and recovery objectives with confidence. It is offered in multiple editions – Foundation, Advanced, and Premium – to suit different organizational needs and sizes. The new Microsoft Sentinel integration is included with the Advanced and Premium editions.
Key Features
The Veeam App for Microsoft Sentinel introduces several key features that unify backup operations with security monitoring:
- Actionable Security Intelligence: It ingests over 300 types of backup and security events (such as backup job failures, unusual activity alerts, ransomware detections, and findings from the Veeam Recon Scanner) and maps them to the MITRE ATT&CK framework (a standard reference for adversary tactics and techniques). This means security teams using Microsoft Sentinel can see detailed backup-related alerts in a familiar format, helping them spot early indicators of compromise. This is Veeam’s first integration with a SIEM platform that highlights adversary Tactics, Techniques, and Procedures (TTPs), giving teams earlier warnings of potential attacks on backup systems.
- Automated Response: The new app includes built-in response playbooks and two-way integration through APIs (Application Programming Interfaces). This allows Security Operations Center (SOC) teams to trigger immediate actions directly from Microsoft Sentinel when a threat is detected. For example, teams can automatically restore data from a safe backup, run malware scans on backup repositories, or launch remediation workflows without leaving the Sentinel console. These automated responses streamline incident handling and reduce the need for manual intervention, which means faster containment of threats and less downtime.
- Unified Visibility: Veeam’s integration provides unified dashboards within Microsoft Sentinel that display backup-related information alongside other security data. In practice, this means administrators can see backup health and security events in one place – for example, viewing ransomware threat detections, backup restore activities, and the status of backup jobs right next to other security alerts in Sentinel. Having all this information consolidated in the Sentinel dashboard helps analysts investigate incidents more quickly and ensures nothing is overlooked. It also supports a stronger compliance posture, because both security and backup events are monitored together, making it easier to report on security and data protection metrics.
- Integrated IT and Security Collaboration: By bringing backup insights into the SOC, the solution helps IT (Information Technology) and security teams work together more closely. It breaks down silos between backup administrators and cybersecurity personnel. When an incident occurs, both teams have a shared view of data from Veeam backups and security systems, which makes it easier to coordinate their response. This improved collaboration accelerates investigation and resolution of incidents. In particular, it strengthens defenses against ransomware and other attacks that target backups, because IT and security staff can jointly identify suspicious behavior in backup systems and take action in a unified way.
Licensing
The Veeam App for Microsoft Sentinel is provided at no additional cost for customers who have the Veeam Data Platform Advanced or Premium edition licenses. In other words, if your organization is already licensed for one of these Veeam Data Platform tiers, you can enable this Sentinel integration without buying anything extra. The app can be found through the Microsoft Azure Marketplace or in the Microsoft Sentinel Content Hub and added to your Sentinel environment. It’s important to ensure you have an appropriate Veeam Data Platform edition to use this feature. If you are unsure about your current licensing or need guidance, expert advice from SCHNEIDER IT MANAGEMENT is available to help you understand your options.
More information
Official press release (Veeam Software, November 4, 2025):
https://www.veeam.com/company/press-release/veeam-extends-support-for-microsoft-sentinel-to-elevate-security-intelligence-and-data-resilience.html
For our Veeam page, please visit: https://www.schneider.im/software/veeam/.
For our Microsoft page, please visit: https://www.schneider.im/software/microsoft.
Please contact us for expert services on your specific Veeam and Microsoft software and online services requirements and to request a quote today.
