Rubrik integrates with Microsoft Defender for identity attack response
Rubrik (NYSE: RBRK) announced an integration with Microsoft Defender that connects real-time identity threat detection with automated identity rollback and recovery capabilities. The integration was announced at RSAC 2026.
The partnership allows organizations to extend Microsoft Defender detections into Rubrik's identity recovery workflows, enabling teams to investigate incidents, reverse malicious identity changes, and restore systems across hybrid environments.
According to Rubrik Zero Labs research, 90% of IT and security leaders identify identity-driven cyberattacks as their organization's primary concern. The integration addresses the gap between threat detection and recovery, allowing organizations to move from detected compromise to recovered state in hours rather than days.
"Detection is only half of the battle," said Anneka Gupta, Chief Product Officer at Rubrik. "Organizations need the ability to quickly and surgically reverse malicious identity changes and completely restore their infrastructure."
The joint solution enables customers to correlate threat alerts with identity changes, reverse malicious identity modifications without full domain restores, restore trusted identity states using immutable recovery points, and maintain visibility across hybrid identity environments including Active Directory and Entra ID.
Over the past 15 months, Rubrik has expanded its identity capabilities with recovery for Active Directory and Entra ID, protection for multi-identity provider environments including Okta, and ecosystem integrations with security platforms including CrowdStrike Falcon Identity Protection.
According to the company's press release, the integration builds on Rubrik's Identity Resilience vision, which focuses on keeping identity systems trusted, available, and recoverable in the face of cyberattacks, operational disruptions, and compliance requirements.
