Sophos launched Backup and Recovery M365 Powered by Rubrik on May 27, 2026, embedding enterprise-grade cloud backup and restore directly into Sophos Central. The move gives the cybersecurity vendor’s customers and partners a native, integrated way to protect Microsoft 365 data against accidental deletion, ransomware, and compliance gaps—all from the same console they use to manage endpoint, network, and cloud security.

The service arrives at a time when many organizations still misunderstand Microsoft’s shared responsibility model. While Microsoft ensures infrastructure uptime and replication, it does not provide point-in-time backup or granular, user-driven restore of Exchange Online, SharePoint, OneDrive, or Teams data. Without a dedicated third-party backup, emails deleted more than 30 days ago, overwritten files, and entire SharePoint sites hit by ransomware remain permanently lost. Sophos recognized that its customer base, heavily composed of mid-market and MSP-served businesses, needed an airtight safety net that didn’t require juggling yet another vendor dashboard.

That safety net now comes from Rubrik, a leader in cyber-resilient data management. The partnership layers Rubrik’s policy-driven backup engine and immutable storage architecture under the Sophos Central interface, giving administrators a single pane of glass for both threat prevention and data recovery. It’s a strategic alignment: Sophos leans on Rubrik’s proven cloud backup technology while Rubrik gains exposure to the 600,000-plus organizations and thousands of partners that rely on Sophos Central daily.

Why Microsoft 365 Backup Can’t Be Ignored

Microsoft 365 is ubiquitous, running email, collaboration, and file storage for more than 400 million commercial seats. Yet study after study shows that over half of all data loss incidents in the cloud are caused by end users—accidental deletion, overwriting, or malicious insiders. Ransomware attacks that target cloud accounts compound the risk; attackers who gain access to a user’s credentials can encrypt or exfiltrate entire OneDrive libraries or SharePoint document stores. Native retention policies, litigation holds, and recycle bins offer some protection, but they are not backups. They don’t allow point-in-time restoration, they don’t provide an air-gapped copy isolated from an attacker’s reach, and they don’t scale well when an organization needs to recover thousands of objects quickly.

Regulatory compliance adds another layer. Industries governed by GDPR, HIPAA, or NIS2 require demonstrable backup and recovery capabilities. An email that vanished two years ago might need to surface during an e-discovery request, and without a dedicated backup, it is gone. Sophos Central Backup and Recovery M365 addresses these gaps by offering automated, frequent snapshots of all M365 workloads, retained according to customizable policies, and stored in a separate security domain under Rubrik’s management.

What the Service Delivers

Though the full technical specification isn’t publicly detailed beyond the integration announcement, the service follows the model Rubrik has refined over years of protecting cloud applications. Administrators can expect:

  • Automated snapshot scheduling – backups run as often as every hour for critical users or groups, capturing incremental changes without impacting Microsoft 365 performance.
  • Granular restore – recover a single email, a calendar event, a OneDrive file version, a SharePoint list item, or entire Teams conversations with a few clicks, right from the Sophos Central search interface.
  • Point-in-time rollback – rewind an entire SharePoint site or OneDrive account to a moment before a ransomware encryption event, minimizing downtime.
  • Immutable storage – backup copies are logically air-gapped and cannot be modified or deleted by the same credentials that manage the production environment, a critical defense against ransomware.
  • Role-based access and RBAC – align recovery permissions with existing Sophos Central administrator roles, allowing help desk staff to restore files without exposing broader security settings.
  • Multi-tenant management for MSPs – managed service providers can view and operate backup jobs across all their clients from a single Sophos Central partner dashboard, streamlining billing, capacity planning, and incident response.

Because the backup data resides in Rubrik’s cloud, there’s no appliance to deploy. Organizations simply authorize the Sophos Central connector to access their Microsoft 365 tenant, configure protection policies, and the backup engine starts pulling data. Recovery can be performed directly into the original location or exported to an alternate mailbox, folder, or site for forensic analysis.

Integration with Sophos Central

The most significant differentiator from standalone M365 backup tools is the tight link to the broader Sophos ecosystem. Sophos Central already correlates endpoint detections, email threats, firewall events, and identity anomalies. With backup and restore woven in, a security analyst investigating a phishing incident can pivot from an alerted email—identified as a threat by Sophos Email Security—to the backup snapshot timeline, verifying at what point the message was delivered and whether it triggered suspicious forwarding rules. If an account compromise is confirmed, the same analyst can initiate a mass rollback of any impacted mailboxes or OneDrive accounts without leaving the console.

This unified approach resonates with IT teams burdened by tool sprawl. Instead of logging into separate tape-replacement software or a cloud-native backup point solution, they stay within a familiar interface. Training time shrinks, and the mean-time-to-recover (MTTR) drops because the context needed for restoration lives next to the security telemetry.

Sophos also exposes API endpoints for the backup service, letting larger organizations automate recovery as part of SOAR playbooks. For example, a playbook could trigger a snapshot before isolating a compromised endpoint, or automatically restore any file deleted after a high-severity alert fires.

Partner Benefits and Market Opportunity

Sophos’ channel-first model means the announcement resonates especially with resellers, MSPs, and MSSPs. They now have a monthly recurring revenue (MRR) opportunity that layers on top of existing endpoint and network security licenses: data protection as a service. Many partners had been sourcing Microsoft 365 backup from separate vendors—often causing margin compression and operational headaches. Consolidating under Sophos Central simplifies procurement, support escalation, and client onboarding.

Partners can also brand the backup service as part of a broader cyber resilience package. An MSP offering 24/7 threat response, email filtering, and immutable backups stands out against competitors still pitching traditional antivirus. The ability to demonstrate a live restore during a sales call, recovering a deleted SharePoint folder in seconds, makes the intangible promise of backup tangible.

Billing transparency matters, too. Early feedback from the Sophos partner community, posted in forums after the announcement, highlights that per-user pricing with clear capacity tiers removes guesswork. Partners can forecast costs and bundle backup into per-seat packages without worrying about inconsistent cloud consumption charges.

The Competitive Landscape

The market for Microsoft 365 backup is crowded, populated by players like Veeam, AvePoint, Acronis, Barracuda, and Datto. Most offer a stand-alone product that integrates with Microsoft APIs but not with a larger security platform. Sophos’s edge comes from its security pedigree and centralized management. Customers who already trust Sophos to defend their endpoints and networks may prefer a backup service that shares the same login, alerting, and reporting infrastructure.

Rubrik’s involvement also signals enterprise-grade capability. Rubrik has long been positioned as a premium data protection vendor for hybrid and multi-cloud environments, competing against Cohesity and Commvault. By putting Rubrik’s engine into a SaaS-delivered, mid-market-friendly wrapper, Sophos bridges the gap between complex enterprise tools and the needs of smaller IT teams.

Implementation and Migration

Organizations can activate the backup service directly from the Sophos Central dashboard under a new “Backup & Recovery” tab. The onboarding wizard asks for Microsoft 365 global admin credentials to set up the required API permissions, then guides the admin through selecting users, groups, and sites to protect. Default policies apply a best-practice backup schedule—typically hourly for email and every four hours for larger SharePoint sites—with retention set to one year, though everything is adjustable.

For MSPs already managing dozens of tenants, bulk onboarding tools and API-driven automation will be critical. Sophos’s partner documentation indicates that all backup configuration can be scripted through its cloud API, allowing large-scale rollout without manual intervention per client.

Migration from an existing third-party backup product isn’t automatic; the Rubrik engine performs a fresh baseline backup of the Microsoft 365 tenant. However, since the service is purely additive and doesn’t interfere with other backup tools, organizations can run both in parallel while the new system builds its retention history. Sophos recommends maintaining the legacy solution until the Rubrik-powered backup has accumulated at least 30 days of snapshots, then decommissioning the old tool.

What Early Adopters Are Saying

Sophos forum members, typically a candid group, have reacted with cautious optimism. Several MSP partners welcomed the consolidation of security and backup under one roof, citing reduced licensing complexity and fewer vendor relationships to manage. Others pressed for clarity on recovery time objectives (RTO) for large SharePoint environments and whether bandwidth throttling options exist to prevent backup traffic from saturating client internet connections during business hours. One thread asked about direct integration with Microsoft Teams private channel messages—a notoriously tricky object to back up with many third-party tools.

A recurring question centered on data sovereignty: when backup data is stored in Rubrik’s cloud, which regions host it? Sophos responded in a forum comment that the service will initially launch with data residency in the US, EU, and UK, with additional regions planned, and that partners can select the region during tenant onboarding. For customers in regulated industries, this will be table stakes.

Looking Ahead

Sophos has stated that Backup and Recovery M365 is the first in a planned series of data protection services for cloud workloads. Google Workspace and Salesforce backup may follow, reflecting a recognition that cyber resilience isn’t limited to one productivity suite. The company also hinted at deeper integrations with its Managed Threat Response (MTR) service, where MTR analysts could proactively trigger backups before isolating a compromised identity—blending threat hunting with instant data insurance.

For now, the immediate impact is a simplification of the IT stack for thousands of businesses and their service providers. By removing the artificial wall between security and recovery, Sophos positions itself not just as a breaker of attacks but as a restorer of business operations. In an age where ransomware payments are increasingly discouraged, having a fast, reliable, and familiar recovery path matters more than ever.

Backup and Recovery M365 Powered by Rubrik is available as of May 27, 2026, through existing Sophos Central accounts. Licensing follows a per-user subscription model, and a 30-day free trial is available for up to 50 users. Details are accessible on the Sophos Central product page.