Sophos and Rubrik have announced the worldwide availability of Sophos Backup and Recovery Powered by Rubrik Cyber Resilience, a new offering that brings Microsoft 365 data protection and recovery into the Sophos Central environment. Available as an add-on for Sophos customers, the solution enables the recovery of Exchange Online, OneDrive, SharePoint, and Teams data after incidents such as ransomware, account compromise, insider threats, or accidental deletions.
This move is significant because Microsoft 365 has become the operational backbone for many organizations. Email, identity, collaboration, shared documents, chats, and meetings all depend on a single platform. While this integration boosts productivity, it also makes Microsoft 365 a highly attractive target for attackers seeking credentials, lateral movement, data exfiltration, or business disruption.
The collaboration between Sophos and Rubrik aims to close a common gap in many companies: security and recovery are often treated separately. One team detects threats in a console, another reviews potentially affected data, and a third works on restoring information from a separate tool. This fragmentation delays the response, especially when every minute counts.
Recovery integrated into the response workflow
The integration extends Rubrik’s SaaS protection capabilities for Microsoft 365 into Sophos Central, the platform through which many clients manage detection, response, and security operations. The goal is for teams to understand what happened, identify which data was affected, and restore clean information without switching between multiple consoles.
Tom Foucha, Vice President of Product Management at Sophos, summarizes this with a very pragmatic approach: maintaining operations in an environment of constant digital disruption requires confidence that recovery will be quick. Recovery is no longer a separate phase but is integrated into the same environment where threats are detected and investigated.
Rubrik provides the data resilience layer. The solution includes isolated backups, air-gapped architecture, WORM immutability, and customer-controlled encryption. These features are crucial because modern attacks often go beyond encrypting servers or workstations; attackers may try to destroy, manipulate, or disable backup copies to prevent recovery.
The solution also offers granular or bulk recovery options: emails, files, mailboxes, OneDrive accounts, SharePoint sites, and Teams data can be restored to the original user or to alternative accounts, including inactive profiles. This flexibility is especially useful in incidents where not all parts of the environment are affected equally.
| Capability | What it provides |
|---|---|
| Exchange Online | Protection and recovery of mailboxes and emails |
| OneDrive | Restoration of user accounts, files, and data |
| SharePoint | Recovery of sites and shared documents |
| Teams | Protection of collaboration data |
| Immutable backups | Protection against malicious manipulation or deletion |
| Air-gapped architecture | Isolation to enhance resilience |
| Sophos Central | Unified management of security and recovery |
| Azure AD | Identity-based controls and automated protection |

Microsoft 365 also needs its own backup
There is still some confusion in many companies regarding Microsoft 365 protection. The platform offers high availability and limited retention for certain scenarios, but this does not always constitute a comprehensive backup and recovery strategy against ransomware, human error, accidental deletion, insider threats, or compromised accounts.
The distinction matters. Availability is not the same as recovery. Just because the Microsoft service is operational does not guarantee an organization can quickly and cleanly restore a specific set of emails, documents, or channels affected by malicious or accidental actions.
Account compromise is one of the most sensitive scenarios. If an attacker gains access with valid credentials, they can appear legitimate. They might delete information, move files, change permissions, download data, alter content, or prepare a broader attack. Once an incident is detected, teams need to know what changed, when it occurred, and which data versions to restore.
Sophos emphasizes that its platform protects over 600,000 customers and gathers telemetry from more than 350 sources across endpoints, cloud, network, identity, email, and business applications. This contextual information can help make recovery more precise—it’s not just about restoring blindly but restoring after understanding the scope of the incident.
Automation to ensure users stay protected
Another key capability is automated protection. The platform can discover new users, sites, and workloads, and apply policies via Azure AD controls. This addresses a common challenge with Microsoft 365: organizations are constantly changing. Users are created and deleted, and new Teams, SharePoint sites, shared mailboxes, and collaboration structures appear, often outside the reach of manually assigned policies.
In larger environments, relying on manual tasks to protect each new resource increases the risk of gaps. A user without a backup, an overlooked site, or a forgotten mailbox can become a vulnerability during an incident. Automating discovery and policy enforcement reduces this exposure.
Fast recovery also demands granularity. Sometimes, restoring an entire account or site isn’t necessary. Restoring a single document, folder, specific mailbox, or a set of messages may suffice. In broader attacks, bulk restoration might be necessary. The combined Sophos and Rubrik solution aims to cover both scenarios.
For MSPs and partners, the integration can be especially appealing. Many small and medium organizations lack dedicated SaaS backup, incident response, and recovery teams. Managing protections from a familiar console can reduce operational complexity and enable a more comprehensive cyber resilience offering.
Cybersecurity doesn’t end with detection
This announcement aligns with a growing trend: security is no longer measured solely by attack detection. It’s also about how quickly and confidently an organization can recover. Ransomware, credential theft, malicious deletions, and human errors have shown that blocking the first attack isn’t always enough. The critical question becomes: how fast can the organization resume operations and trust the restored data?
Rubrik has long championed the concept of Zero Trust Data Security, focusing on data integrity, availability, and recovery against threats. Sophos’s approach centers on detection, response, and centralized management. This partnership combines these layers: operational security and data resilience.
This convergence is logical. If an EDR detects suspicious activity, an identity solution identifies a compromised account, or an email system flags anomalous behavior, the organization needs to connect that signal with the ability to restore data. Separating these areas can delay decisions and worsen the incident’s impact.
The challenge remains in achieving widespread adoption. Many organizations continue to see SaaS backup as an optional expense until data loss occurs. While Microsoft 365 is critical for business, not all organizations have a clear strategy to protect it beyond native platform features. An integrated solution within Sophos Central can make that process easier for customers who already trust the Sophos ecosystem.
Sophos Backup and Recovery Powered by Rubrik Cyber Resilience is now available globally. Customers can activate it through their Sophos partner or sales rep. This development reflects a market evolution: protecting Microsoft 365 is no longer just about threat filtering or endpoint security; it also involves ensuring rapid, reliable, and clean data recovery when needed.
Frequently Asked Questions
What have Sophos and Rubrik announced?
They announced the global availability of Sophos Backup and Recovery Powered by Rubrik Cyber Resilience, a backup and recovery solution for Microsoft 365 integrated into Sophos Central.
What Microsoft 365 services are protected?
The solution covers Exchange Online, OneDrive, SharePoint, and Teams, with options for granular or bulk recovery.
Why is backup needed for Microsoft 365?
Because service availability does not replace a recovery strategy against ransomware, account compromise, insider threats, or accidental deletions.
What does Rubrik add to this integration?
Rubrik provides immutable SaaS backups, air-gapped architecture, customer-controlled encryption, and fast, flexible recovery capabilities.
via: rubrik

