Sophos and Rubrik announced the general availability of Sophos Backup and Recovery Powered by Rubrik Cyber Resilience on June 1, 2026. The new service embeds cloud-native Microsoft 365 data protection directly into the Sophos Central platform, aiming to streamline backup and recovery for businesses already relying on Sophos for endpoint, network, and cloud security.

The global rollout marks a significant expansion of the partnership first teased in late 2025. It delivers immutable, air-gapped backups for Exchange Online, OneDrive for Business, SharePoint Online, and Microsoft Teams\u2014all managed from a single console. For Sophos customers, the integration eliminates the need for third-party backup tools and reduces the operational complexity of safeguarding cloud productivity data.

A Long-Awaited Integration

Rumors of a Sophos-Rubrik tie-up circulated for months before an official joint development agreement was confirmed in October 2025. The collaboration aimed to infuse Rubrik\u2019s cyber resilience capabilities directly into Sophos\u2019 managed security platform. Now, with general availability, the vision becomes reality.

\u201cWe\u2019re seeing a convergence of security and data protection like never before,\u201d said Darren Barker, Sophos vice president of product management for cloud security, in a statement coinciding with the launch. \u201cBy embedding Rubrik\u2019s battle-tested backup technology into Sophos Central, we\u2019re giving IT teams a unified way to defend against ransomware and ensure they can recover critical Microsoft 365 data in minutes, not days.\u201d

Rubrik has long championed a zero-trust data management architecture. Its immutable file system prevents backup data from being altered, deleted, or encrypted by attackers, even if administrative credentials are compromised. The integration layers this protection on top of Sophos\u2019 existing threat detection and response stack, creating a cohesive defense and recovery workflow.

What\u2019s Included

Sophos Backup and Recovery covers the four core Microsoft 365 productivity workloads:

  • Exchange Online: Mailboxes, contacts, calendars, and public folders.
  • OneDrive for Business: All files, folders, and sharing permissions.
  • SharePoint Online: Entire site collections, subsites, lists, libraries, and metadata.
  • Microsoft Teams: Conversations, channel files, and associated SharePoint backends.

Backups are continuous and incremental, with adjustable retention policies ranging from one month to seven years or longer for compliance needs. Recovery options are granular. Administrators can restore individual emails, a single document version, or an entire SharePoint site directly to the original location or an alternate point in time.

Inside Sophos Central

The service appears as a dedicated \u201cBackup & Recovery\u201d tile within the Sophos Central dashboard. It leverages the same role-based access controls, multi-factor authentication, and auditing already configured for other Sophos services. Alerts for backup failures, ransomware anomalies, or restore operations surface in the centralized alerts feed alongside endpoint and firewall events.

Initial configuration is designed to be straightforward. After subscribing, an administrator authorizes the Sophos application within Microsoft Entra ID, granting consent to access the tenant\u2019s Exchange, SharePoint, and Graph APIs. Once connected, the service auto-discovers users, groups, and sites and begins protecting them based on default policies. Custom policies can target specific departments, VIP users, or legal hold requirements.

Cyber Resilience Under the Hood

Rubrik\u2019s architecture underpins the resilience features. All backups are stored in a Rubrik-hosted cloud tenancy, isolated from the customer\u2019s own Microsoft 365 infrastructure. Data is encrypted in transit and at rest with AES-256 encryption. The immutable architecture ensures that once a snapshot is written, it cannot be modified or removed before the retention period expires \u2013 even by Sophos or Rubrik support personnel.

Should a ransomware attack hit a customer\u2019s Microsoft 365 environment, the backups remain untouched. Sophos Central\u2019s threat intelligence and MDR teams can trigger restores from a known-good point without fear of reinfecting the production tenant. The service also includes anomaly detection: atypical spikes in deletion or encryption activity trigger alerts, allowing proactive investigation.

\u201cThe combination of Sophos\u2019 threat insights with Rubrik\u2019s immutable backups is powerful,\u201d said Laura DuBois, an analyst at Enterprise Strategy Group. \u201cIt closes a gap many organizations have \u2013 the assumption that Microsoft\u2019s native recycle bin and retention policies are enough. They aren\u2019t, especially when sophisticated attacks target encrypted data.\u201d

Addressing the Shared Responsibility Model

Microsoft operates on a shared responsibility model for Microsoft 365. While Microsoft ensures infrastructure uptime and rudimentary data redundancy, customers are responsible for protecting against accidental deletion, malicious insiders, and ransomware. Native features like retention policies and litigation holds offer some protection but lack the speed and granularity of a dedicated backup solution.

Sophos and Rubrik target this gap explicitly. Their backup service provides point-in-time recovery, meaning organizations can roll back to a moment before an incident occurred. For regulated industries, the ability to retain immutable copies for years satisfies compliance mandates ranging from FINRA to GDPR.

Pricing and Availability

Sophos Backup and Recovery Powered by Rubrik Cyber Resilience is available immediately through Sophos\u2019 global network of channel partners and managed service providers. Pricing follows a per-user, per-month subscription model with volume discounts for larger deployments. Exact pricing varies by region and partner, but early indications suggest it will be competitive with standalone M365 backup solutions from Veeam, AvePoint, and Acronis.

Existing Sophos Central customers can activate a 30-day trial directly from the console. The trial provides full access to all features for up to 50 users, requiring no credit card. After the trial, the service transitions to a paid subscription without disrupting backup continuity.

Partner and MSP Opportunities

The announcement has drawn enthusiastic reactions from the Sophos partner community. Managed service providers, in particular, stand to benefit from multi-tenant management. The backup service supports Sophos Central\u2019s multi-tenancy, allowing MSPs to manage backups for all their clients from a single pane of glass.

\u201cThis integration is a game-changer,\u201d said Michael Goldstein, president of LAN Infotech, a Florida-based MSP. \u201cWe\u2019ve been juggling separate backup point products for M365 customers for years. Having it live inside Sophos Central not only simplifies our operations but also creates a more compelling story around cyber resilience that we can sell alongside their endpoint and firewall offerings.\u201d

Sophos has also launched a dedicated certification track within its MSP Connect program, enabling partners to demonstrate expertise in backup and recovery. Marketing development funds and demand-generation campaigns are being offered to accelerate adoption.

The Bigger Picture: Security and Data Protection Convergence

The launch underscores a broader industry trend: the collapse of silos between cybersecurity and backup and recovery. Traditional backup vendors are adding security features, while security vendors are moving into data protection. Rubrik\u2019s partnership with Sophos follows similar integrative moves, such as Cohesity\u2019s work with Cisco and Commvault\u2019s expansion into threat detection.

For businesses, the benefit is practical. A unified platform reduces tool fatigue, lowers the likelihood of configuration drift, and enables faster incident response. When a security alert fires in Sophos Central indicating suspicious activity in a user\u2019s OneDrive, the backup service can immediately lock snapshots and begin forensic analysis without requiring intervention from a separate backup team.

Competitive Landscape

The Microsoft 365 backup market is crowded. Standalone solutions like Veeam Backup for Microsoft 365, AvePoint Cloud Backup, and Barracuda Cloud-to-Cloud Backup have sizable user bases. Acronis integrates backup with its security platform, providing a similar unified approach. Rubrik itself offers Rubrik Cloud Vault and Microsoft 365 backup as a standalone service.

Sophos\u2019 differentiator lies in the tight integration with its XDR and MDR services. For organizations already invested in Sophos\u2019 ecosystem, the addition of backup eliminates yet another vendor relationship and console. However, shops standardized on other security stacks may find less appeal unless they are willing to migrate.

Industry analysts note that the partnership also benefits Rubrik by vastly expanding its addressable market through Sophos\u2019 600,000-plus global customers. Rubrik gains distribution into the lucrative SMB and mid-market segments, where Sophos has a strong presence.

Looking Ahead

Sophos and Rubrik have hinted at a broader roadmap for their joint solution. Upcoming enhancements include automated ransomware recovery playbooks \u2013 predefined workflows that isolate compromised systems, restore clean data, and update security policies in a coordinated sequence. Also on the horizon is deeper integration with Sophos XDR telemetry, allowing the backup service to dynamically adjust retention based on observed threat activity.

Support for additional workloads is being explored, including Microsoft Teams Private Channels, Power Platform data, and potentially Microsoft Entra ID configuration backup. Integration with Microsoft 365 Backup Storage, the API Microsoft launched in 2024 for backup vendors, could further accelerate recovery speeds.

What It Means for Windows Enthusiasts and IT Pros

While the average Windows consumer won\u2019t directly interact with enterprise backup products, the technology flows down. Immutable backups, once the preserve of Fortune 500 companies, are becoming accessible to small businesses. The same principles used to protect multinational Exchange Online tenants can protect a five-person firm\u2019s shared mailbox and SharePoint intranet.

For Windows IT professionals, the message is clear: backup is no longer a standalone discipline. It is a core component of a cyber resilience strategy. Tools that unify security and recovery reduce the window of vulnerability and simplify the daily grind of system administration.

Getting Started

Sophos Central administrators can find \u201cBackup & Recovery\u201d under the \u201cMy Products\u201d section after logging in. A guided setup wizard walks through the Microsoft 365 authorization process, which uses standard OAuth 2.0 flows and requires Global Administrator or Application Administrator consent. Once authorized, the service begins protecting all licensed users within minutes, though initial full backups may take hours depending on data volume.

Documentation, including deployment guides and best practices, is available on Sophos\u2019 support portal. Live onboarding webinars will run weekly throughout June and July 2026.

Final Take

Sophos Backup and Recovery Powered by Rubrik Cyber Resilience is a natural progression for two companies deeply focused on reducing the impact of cyberattacks. By folding enterprise-grade backup into Sophos Central, they\u2019ve eliminated a major friction point for IT teams struggling to manage a patchwork of security tools. The result is a streamlined, robust defense for Microsoft 365 data that any organization can deploy quickly.

For existing Sophos customers, the math is simple: add the backup service and instantly improve your cyber resilience posture without learning a new interface. For those considering a switch, the bundled approach may tip the balance. As ransomware gangs increasingly target cloud data, the ability to detect an attack through endpoint signals and recover locked files from an immalleable backup within the same platform is not just convenient \u2013 it\u2019s essential.