OpenText™ Core Threat Detection and Response is now available on the Microsoft Azure Marketplace, making it easier than ever for security teams to deploy advanced behavioral threat detection directly into their Microsoft environments. Purpose-built to enhance Microsoft Defender for Endpoint, Entra ID, and Security Copilot, the solution uses unsupervised machine learning and behavioral risk scoring to detect insider threats, credential misuse, and advanced attacks that evade traditional tools.
With native integration, AI-powered summaries, and contextual prioritization, organizations can reduce alert fatigue, accelerate investigations, and get more value from their existing Microsoft security investments starting today. Best of all, there are no rules to write or maintain allowing threat hunters to focus on stopping threats.
How OpenText unlocks deeper value from Microsoft security tools
Microsoft security tools are powerful on their own. They provide rich endpoint and identity telemetry, broad coverage, and native integration across the Microsoft ecosystem. Their strength lies in what’s expected, ours lies in what deviates from expectation. Together, we bridge the gap between surface-level activity and deep behavioral insight.
OpenText Core Threat Detection & Response continuously learns what “normal” looks like in your environment and at the level of users, machines, processes, sessions, and access patterns. Using unsupervised machine learning and behavioral risk scoring, it flags early-stage insider threats, account misuse, and slow-moving attacks that blend into everyday activity.
We don’t replace Microsoft security, we level it up.
View on the Azure MarketplaceWhat else do you get with OpenText?
Behavioral intelligence from your existing Microsoft signals
Tap into the telemetry already flowing through Microsoft Defender for Endpoint and Entra ID. Core Threat Detection and Response analyzes it through behavioral models built on unsupervised machine learning transforming raw signal into prioritized, high-fidelity insights.
Built-in threat context, no tuning required
The system continuously learns what’s normal across users, machines, and services. That means no rules to manage, no baselines to configure, and no scripting to keep pace with evolving attacker behavior. You get detections tailored to your environment from day one.
Risk-based prioritization that knows your business
Instead of flooding your SOC with alerts, threats are ranked by their potential impact using mathematically grounded risk models. This helps your team focus attention where it matters on the threats most likely to cause damage.
Natural language summaries for every detection
Each alert includes an AI-generated, plain-language explanation that ties behaviors to the MITRE ATT&CK framework. Analysts of all levels can act quickly with confidence, reducing investigation time and decision friction.
Stronger Microsoft security, seamlessly integrated
With native support for Defender, Entra ID, and Microsoft Security Copilot, the solution complements your existing stack, no agents, no duplicate tooling. You keep your Microsoft architecture and gain a layer of behavioral insight it doesn’t provide natively.
Options for expert guidance and managed services
Whether you want advisory support, 24×7 threat monitoring, or full SOC-as-a-Service, our tiered Insider Security Program grows with your needs. We deliver detection, hunting, and response aligned to your risk profile and maturity level.
The value of Azure Marketplace access
With availability on the Azure Marketplace, it’s now easier than ever to deploy OpenText Core Threat Detection & Response alongside your Microsoft ecosystem. Leverage your Microsoft investments, streamline procurement, and accelerate adoption. And do it all while all while adding behavioral intelligence your SOC doesn’t have today.
View on the Azure Marketplace
