Sophos and Rubrik have officially launched Sophos Backup and Recovery Powered by Rubrik Cyber Resilience, bringing Microsoft 365 backup and restore capabilities directly into Sophos Central. The solution, which became generally available worldwide on June 1, 2026, allows organizations to safeguard Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams data through a unified platform. This launch bridges a critical gap for businesses that mistakenly assume Microsoft’s native retention policies are sufficient for comprehensive data protection.

The Partnership That Redefines Cyber Resilience

Sophos has long been synonymous with endpoint and network security, but the collaboration with Rubrik—a leader in zero‑trust data security—elevates its portfolio into the enterprise backup arena. Rubrik’s technology underpins the new service, providing immutable, air‑gapped backups that are inherently resilient to ransomware. By embedding these capabilities into Sophos Central, the two companies aim to simplify data protection for the 600,000+ organizations already using Sophos managed security solutions.

Kris Hagerman, CEO of Sophos, emphasized at the virtual launch event that “this integration is about more than just backup; it’s about enabling IT teams to recover with confidence in minutes, not days.” Rubrik CEO Bipul Sinha added that the joint offering extends Rubrik’s mission of cyber resilience to the massive Sophos customer base, many of which are mid‑market firms that have been underserved by complex, standalone backup tools.

Why M365 Backup Matters More Than Ever

Microsoft 365 hosts critical business data, yet many organizations operate under a shared responsibility model misconception. Microsoft ensures infrastructure uptime and geo‑redundancy, but it does not protect against accidental deletion, malicious insiders, or ransomware attacks. Native retention policies and the recycle bin offer limited windows—often 30 to 93 days—after which data is permanently lost. For businesses subject to regulatory compliance or those that simply cannot afford downtime, a dedicated backup solution is no longer optional.

The Sophos‑Rubrik solution addresses these gaps with:

  • Unlimited point‑in‑time recovery for Exchange, SharePoint, OneDrive, and Teams.
  • Immutable backups stored in a Rubrik‑managed cloud, safe from tampering even if an attacker gains Sophos Central credentials.
  • Policy‑driven automation that discovers and protects M365 users and groups as they are created.
  • Granular restore down to individual emails, files, or chat conversations.

These features become essential in an era where ransomware gangs increasingly target cloud data. According to the Sophos 2026 State of Ransomware report, 43% of attacks now involve destruction or encryption of cloud‑based assets, up from 29% just two years prior.

Seamless Integration with Sophos Central

The most compelling aspect of the new service is its tight integration with Sophos Central, the cloud‑native management console that already unifies endpoint, firewall, email, and identity protection. Administrators can now manage M365 backups alongside security policies, view alerts, and trigger restores from the same dashboard they use to monitor threats.

Setup is designed to be frictionless. After purchasing the appropriate licenses, an IT admin authenticates the organization’s Microsoft 365 tenant via a secure OAuth flow within Sophos Central. The system then automatically discovers all users, SharePoint sites, and Teams channels, applying predefined backup policies. These policies can be customized—for example, backing up VIP mailboxes more frequently or retaining SharePoint data for seven years to meet compliance mandates.

Backups run continuously without user interruption, with incremental changes captured every five minutes. The Rubrik architecture ensures data is deduplicated, compressed, and encrypted both in transit and at rest. Administrators can set retention periods as long as 99 years, catering to even the strictest regulations.

Ransomware Recovery That Goes Beyond Restore

What sets this offering apart from native M365 tools or legacy backup appliances is its deep cybersecurity context. Sophos Intercept X endpoint protection and Sophos XDR feed threat intelligence into the backup workflow. If a ransomware attack is detected on an endpoint, Sophos Central can automatically initiate a proactive backup of all associated M365 data before encryption spreads. Post‑incident, the recovery console presents a visual timeline of file changes, helping admins identify the last clean state before infection.

“It’s not just about having a backup; it’s about having the right backup at the right moment,” explained Chester Wisniewski, Sophos Field CTO. “When an attacker compromises an account and deletes project files or ransoms an Exchange server, having a five‑minute‑old snapshot that you can restore with two clicks changes the game.”

The recovery process supports both original location and out‑of‑place restores, ideal for forensic analysis. Because all backups are immutable, even a compromised administrator account cannot delete them. This zero‑trust approach extends to multi‑factor authentication requirements for any destructive restore actions.

Pricing and Availability

Sophos Backup and Recovery Powered by Rubrik is available immediately through Sophos’ global network of partners and managed service providers (MSPs). The licensing model follows a simple per‑user, per‑month subscription with volume discounts. Exact pricing tiers were not disclosed publicly, but early partner briefings indicate it is competitive with offerings from Veeam and Druva, while bundling discounts are available for customers already using Sophos MDR or XDR suites.

A free 30‑day trial is offered for up to 50 users, allowing organizations to test the backup and restore workflows without commitment. For MSPs, the solution integrates with Sophos’ multi‑tenant management capabilities, enabling service providers to offer backup‑as‑a‑service under their own brand.

Competitive Landscape and What It Means for Windows Shops

The M365 backup market has grown crowded, with established players like Veeam Backup for Microsoft 365, Acronis Cyber Protect Cloud, and Druva inSync. However, the Sophos‑Rubrik solution differentiates by being natively integrated into a broader cybersecurity platform. For Windows‑centric enterprises that already rely on Sophos for endpoint protection and network security, adding M365 backup under the same roof reduces tool sprawl and potential security gaps.

“Customers have been asking for a single pane of glass for both security and data protection,” said an early beta tester, IT director Tomáš Krátký of Prague‑based digitalAlchemists. “Previously, we used one tool for endpoint backup, another for M365, and a third for security—now it’s all in Central.”

This integration is especially relevant for organizations pursuing zero‑trust architectures. By correlating backup status with endpoint health and identity signals, Sophos Central can dynamically adjust backup frequencies or lock down restores when a user behaves suspiciously. Such orchestration is difficult to achieve with separate, siloed products.

Looking Ahead: Google Workspace and Beyond?

While the initial launch focuses solely on Microsoft 365, roadmap slides shown during the announcement hint at future support for Google Workspace, Salesforce, and even on‑premises workloads like VMware and Hyper‑V. Rubrik already powers these capabilities in its own product line, so extending them to Sophos Central is a logical next step.

Moreover, the companies teased deeper AI‑driven recovery orchestration. Using machine learning models trained on global ransomware patterns, the platform could soon recommend which snapshots are most likely clean and even automate the restoration of the most critical data first—email and finance systems, for instance—before tackling archive content.

Conclusion

Sophos Backup and Recovery Powered by Rubrik represents a significant milestone in the convergence of cybersecurity and data protection. For Windows‑focused businesses, it offers a compelling, integrated alternative to standalone M365 backup tools. With its emphasis on immutability, ransomware‑aware restore, and the unified Sophos Central experience, the solution is poised to become a cornerstone of cyber resilience strategies.

Organizations that treat backup as an afterthought will continue to learn expensive lessons. Those that weave it into their security fabric, however, stand ready to face the next wave of cyber threats. The general availability on June 1, 2026, means IT administrators can now turn that readiness into reality with just a few clicks in Sophos Central.