Sophos on June 1, 2026 made Sophos Backup and Recovery Powered by Rubrik Cyber Resilience generally available worldwide through Sophos Central. This new service gives existing Sophos customers a unified backup and recovery solution for Microsoft 365 environments, directly integrated into the platform they already use for endpoint, network, and cloud security.

Sophos Central now becomes a single pane of glass for both security and data resilience. The move signals a strategic deepening of the Sophos–Rubrik partnership, first announced in 2025, bringing Rubrik's proven cyber resilience technology to Sophos's extensive customer base. With this launch, Sophos aims to address a critical gap in the shared responsibility model of cloud productivity apps. Microsoft 365 handles infrastructure uptime, but data protection against ransomware, accidental deletion, and insider threats falls to the customer.

Backup for Microsoft 365 is not new, but the integration with Sophos Central changes the game for managed service providers and IT teams already invested in the Sophos ecosystem. Instead of managing a separate backup console, administrators can now configure, monitor, and restore Microsoft 365 data—including Exchange Online, SharePoint Online, OneDrive for Business, and Teams chats and files—from the same interface they use for threat detection and response. This consolidation reduces operational overhead and speeds up recovery times.

What Sophos Backup and Recovery by Rubrik Delivers

The service is built on Rubrik's cloud-native architecture, which has long been a benchmark for immutability and rapid recovery. Every backup is stored in an immutable, air-gapped format, ensuring that even if an attacker gains admin privileges, the backups cannot be encrypted or deleted. Backup data is encrypted in transit and at rest, with encryption keys managed by the customer if desired. Rubrik's policy-driven automation allows admins to set granular retention schedules, from daily snapshots to yearly archives, across different data types.

Key features include:

  • Incremental forever backups: After the initial full backup, only changes are captured, reducing storage costs and network load.
  • Point-in-time recovery: Restore individual files, mailboxes, or entire SharePoint sites to any second within the retention window—a critical capability when dealing with sophisticated ransomware that lies dormant before detonation.
  • Instant mass restore: Rubrik's technology enables parallel recovery of thousands of objects, minimizing business downtime. In lab tests, a full tenant recovery completes in minutes rather than hours.
  • Sensitive data discovery: The service scans backed-up data for exposed credentials, PII, and other sensitive information, alerting admins to potential compliance risks.
  • Multi-geo support: For Microsoft 365 tenants spanning multiple regions, backup data can be stored in local Rubrik cloud instances to meet data residency requirements.

All these capabilities are managed through the Sophos Central dashboard, which now includes a dedicated "Backup & Recovery" tab. The integration goes beyond single sign-on. Security events in Sophos XDR can automatically trigger an on-demand backup of affected user mailboxes or SharePoint sites—preserving forensic evidence and enabling clean restoration. For example, if Sophos detects a suspicious login from an unusual location followed by mass file deletion in OneDrive, it can instantly snapshot the user's data before the adversary can spread.

Licensing, Pricing, and Availability

Sophos Backup and Recovery by Rubrik is licensed per user, bundled into existing Sophos subscription tiers. Sophos MDR and XDR customers with active licenses automatically receive a base allocation of protected users, with the option to purchase additional coverage. Exact pricing was not disclosed, but Sophos indicated that the add-on would be competitive with standalone Microsoft 365 backup solutions, typically ranging from $3 to $6 per user per month. A 30-day free trial with full functionality is available via the Sophos Central marketplace.

The service launches in all regions where Sophos Central operates, with data hosting initially in the United States, European Union, United Kingdom, Canada, Australia, and Japan. Additional regions are planned for late 2026.

Why the Sophos–Rubrik Partnership Matters

This isn't just another backup tool. It represents a broader trend of security vendors absorbing data protection into their portfolios. With ransomware gangs increasingly targeting backup repositories, having backup natively integrated with detection and response tools closes a dangerous gap. Rubrik's Zero Trust Data Management architecture ensures that every access request to backup data is authenticated and authorized, and all operations are logged—creating a verifiable chain of custody.

For managed service providers (MSPs), the unification is even more compelling. Many MSPs already standardize on Sophos Central for client security management. Adding backup and recovery to the same dashboard eliminates the need to juggle multiple consoles and licensing schemes. Rubrik's multi-tenancy support means MSPs can manage backups across dozens or hundreds of tenants from a single pane, with role-based access controls that prevent cross-client data leakage.

The Microsoft 365 Backup Landscape

The market for third-party Microsoft 365 backup has grown crowded. Competitors include Veeam Backup for Microsoft 365, Acronis Cyber Protect, AvePoint, and Druva, among others. Each offers various degrees of integration with security tools, but Sophos stands out by wrapping backup into a security platform that already analyzes telemetry from endpoints, firewalls, email, and identity sources. This convergence could allow Sophos to provide richer recovery prioritization—restoring the most business-critical data first based on real-time threat context.

Microsoft itself has improved native backup capabilities with Microsoft 365 Backup and Microsoft 365 Archive, but these services remain relatively basic compared to dedicated solutions. They lack the automated threat-triggered snapshots and deep integration with security incident response that Sophos and Rubrik now offer.

Real-World Resilience: A Use Case

Consider a mid-sized accounting firm that has adopted Microsoft 365 for email, collaboration, and document management. The firm already uses Sophos Intercept X for endpoint protection and Sophos Email Security for anti-phishing. With the new backup service, the firm's IT administrator can set a policy that if Sophos XDR detects a ransomware encryption pattern on any endpoint, it immediately initiates a snapshot of the affected user's OneDrive and email inbox. Even if the ransomware spreads to SharePoint, the firm can restore all files to a clean state within minutes, using Rubrik's instant mass restore. The administrator handles everything from the same Sophos Central mobile app they use to approve security alerts, dramatically cutting response time.

Expert Commentary and Industry Reactions

Early reactions from analysts have been positive. "Closing the loop between detection and recovery is the next frontier in cyber resilience," said a Gartner analyst in a recent report on data protection trends. "Integrating backup with XDR and SOAR capabilities allows organizations to automate the entire incident response lifecycle, from initial containment to forensic backup and clean recovery." While the analyst did not specifically comment on Sophos's announcement, the observation aligns closely with what Sophos and Rubrik have achieved.

Security practitioners also see value. In online forums, administrators who have trialed the service praised the simplicity of setup. "I was up and running in under ten minutes," one tester wrote. "It auto-discovered my entire M365 tenant and suggested backup policies based on best practices. The real magic is seeing backup status next to security alerts in the same dashboard." Another highlighted the relief of no longer needing a separate Rubrik console: "I have enough tools to check. One less is a win."

Potential Challenges and Considerations

No launch is without hurdles. Some customers may hesitate to store backup data with a security vendor, preferring a segregated approach to ensure an attacker cannot compromise both security and backups through a single platform. Sophos addresses this by emphasizing Rubrik's immutable, isolated data plane. The backup data resides in Rubrik's cloud, not in Sophos's infrastructure, and administrative access requires separate Rubrik credentials even though the UI is embedded in Sophos Central. Furthermore, all delete and encrypt operations on backup data require multi-person approval, enforced by Rubrik's compliance framework.

Another consideration is vendor lock-in. Once backups are stored in Rubrik's proprietary format, migrating to another provider could be cumbersome. Sophos has committed to providing open export formats, including PST for email and standard file formats for documents, but the speed and ease of native restore would be lost. IT planners should evaluate their exit strategy before full adoption.

What's Next for Sophos and Rubrik?

Sophos hinted that this is phase one of a broader data resilience strategy. Future enhancements may include direct backup of on-premises Microsoft workloads like Exchange and SharePoint Server, integration with Rubrik's orchestrated recovery for physical disasters, and AI-driven recovery testing that simulates ransomware attacks against backup copies to verify their integrity. Rubrik, meanwhile, is pushing its Cyber Resilience platform deeper into the security ecosystem, with integrations spanning SIEM, SOAR, and threat intelligence platforms. The two companies have established a joint development roadmap that promises quarterly feature updates.

For Windows enthusiasts and Microsoft 365 administrators, the takeaway is clear: the gap between security and backup is closing, and the result is a more cohesive defense against the inevitable. Sophos Backup and Recovery by Rubrik exemplifies the kind of integrated resilience that will become table stakes in the years ahead. IT teams that still treat backup as a separate, static function should take note—and perhaps take a trial.

Available now in Sophos Central, the service can be activated in minutes for any organization with an existing Sophos subscription. A dedicated resource center provides deployment guides, video walkthroughs, and best-practice whitepapers to accelerate onboarding. For those not yet using Sophos, a combined security and backup suite may finally tip the scales toward consolidation.

In the end, this launch is not just about launching a new product; it reshapes expectations for what a security platform can and should deliver. As ransomware operators grow more sophisticated, the ability to strike back with instant, intelligent recovery is the ultimate trump card. With Sophos Backup and Recovery by Rubrik, that card just got a lot easier to play.