Cybersecurity attacks are rising sharply in 2025 and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers1 and 81 percent have encountered email compromise2.
To mitigate this ongoing risk, Rubrik and Sophos have formed a strategic partnership to help lean IT teams strengthen their cyber resilience and simplify recovery from ransomware, account compromise, insider threats, and data loss in Microsoft 365.
The new joint solution will make Sophos M365 Backup and Recovery powered by Rubrik the only M365 data protection solution that is fully integrated into Sophos’s powerful cybersecurity console. For customers already relying on Sophos for detection and prevention, this integration provides fast and secure recovery of SharePoint, Exchange, OneDrive, and Teams data when it is accidentally or maliciously compromised.
Rubrik’s SaaS-based protection will be available through Sophos Central—the same platform security teams already trust to manage their defenses.
The Need Now Is Greater than Ever
In early 2025, Microsoft 365 commercial (paid seats) surpassed 400 million users. If global admin credentials are breached for any of those millions of users, attackers can manipulate retention settings and permanently delete critical business data.
Native tools were not built for cyber resilience at this scale. Litigation Hold is designed for legal search, not to restore massive amounts of enterprise data. The Recycle Bin is limited and short-term and can’t rewind an entire data estate after an incursion. These kinds of native features can serve specific use cases, but are not sufficient to address enterprise-grade needs. At worst, they provide a false sense of security.
Recovery needs to be fast, granular, and reliable at scale. That’s where Rubrik comes in.
Next-Level Cyber Recovery and Resilience
According to The State of Ransomware report by Sophos, only 54% of affected companies impacted by ransomware relied on backups for data restoration, while nearly half of organizations chose a far more costly approach by paying the ransom to recover their data, highlighting a continued gap in effective cyber resilience practices.
The Rubrik/Sophos integration is designed to close this gap in several significant ways:
Immutable, secure backups: Rubrik will isolate backups from the Microsoft 365 tenant and protect them with air gap architecture, WORM-locked immutability, and customer-held encryption keys. Multi-factor authentication and intelligent data lock will help prevent tampering, even if credentials are compromised.
Fast, flexible recovery: Customers will be able to search and restore emails, files, folders, shared mailboxes, OneDrives, SharePoint sites, and Teams channels to the original location or another user. Rubrik will support both active and inactive accounts, and deliver high-performance restores using containers orchestrated with Azure Kubernetes Service.
Automated protection and compliance: Rubrik will automatically discover new users, sites, and mailboxes, apply policy-based protection using Entra ID groups, and offer delegated admin controls. Sophos Central makes this automated protection effortless to manage and will eliminate tedious backup tasks for overburdened admins.
This new functionality will be available within Sophos Central. No new interfaces to learn. No extra tooling. Just a unified experience for both security operations and Microsoft 365 data protection.
Building Cyber Resilience, Together
Working with Rubrik, Sophos will be able to give customers the tools they need to detect, protect, and recover with speed and precision if bad agents break into Microsoft systems. For partners, the Rubrik/Sophos integration will unlock new ways to support customers with an offering that directly aligns to the realities of today’s threat landscape.
Rubrik and Sophos share a commitment to helping organizations operate with confidence in the face of risk. Together, we’re raising the bar for Microsoft 365 resilience.
To learn more or activate the integration, contact your Sophos sales team.
SAFE HARBOR STATEMENT
Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.