Sophos Backup and Recovery for M365 – powered by Rubrik is now available

ProductsMicrosoftSophos Backup and Recovery for M365

Sophos Backup and Recovery for M365 is now generally available — giving partners a purpose-built, fully integrated backup and recovery solution to add to their M365 portfolio.

Jun 02 2026 By

A new revenue opportunity for partners serving Microsoft 365 customers.

Microsoft 365 is now the dominant productivity platform in the SMB and mid-market segments that most Sophos partners serve. But as M365 adoption has grown, so has a critical and underserved gap: customers assume Microsoft is backing up their data. It isn’t — not in any meaningful recovery sense. Native retention tools exist for compliance and legal hold, not for fast restoration after ransomware, accidental deletion, or admin error.

That gap represents a real risk for your customers, and a real opportunity for your practice.

60% of organizations have suffered an M365 account takeover. Ransomware attacks targeting Microsoft 365 have increased 275% year-on-year. Yet most customers running M365 have no dedicated backup in place and no plan for recovering at scale. This is exactly the kind of risk conversation partners are well positioned to have — and now you have a Sophos-integrated solution to back it up.

What Sophos Backup and Recovery for M365 Delivers

Sophos Backup and Recovery for M365 provides air-gapped, immutable backup and fast, granular recovery across all four major M365 workloads:

  • Exchange Online — mailboxes, shared mailboxes, folders, and inactive user data
  • OneDrive — files, folders, personal sites, and inactive user data
  • SharePoint — sites, lists, document libraries, and subsites
  • Microsoft Teams — channel posts, chats, files, and Teams structure

A single per-user license covers software and storage at a fixed, predictable cost — no infrastructure to size or manage.

Withstand Cyber Attack

Backups are isolated from the customer’s M365 tenant with a true air gap. WORM-locked immutability, SLA Retention Lock, and Intelligent Data Lock ensure that backup data cannot be destroyed or altered by an attacker — even one operating with full admin credentials. MFA enforcement, Bring Your Own Key (BYOK) encryption, and Retention Lock with Quorum Authorization close the gaps that make M365 admin credential compromise so damaging during a ransomware event.

Recover Rapidly

Recovery speed is where dedicated backup earns its value in an incident. Manually restoring 1,000 users without a dedicated solution takes an average of 14 days. Sophos Backup and Recovery for M365 cuts that to hours. Technicians can search by keyword, email subject, event title, author, or date range; browse point-in-time snapshots; and restore anything from a single email to an entire OneDrive or SharePoint site — granularly or in bulk.

Automate Protection and Manage Risk

Policy-driven automation automatically discovers new users, sites, and Teams as they’re created and applies backup policies without manual scheduling.

Why This Matters for Your Partner Practice

  1. Address a gap that already exists in most of your customer accounts
    Your existing M365 customers almost certainly do not have dedicated backup in place. This is a warm conversation, not a cold sell — particularly with customers in regulated industries, those who have experienced a security incident, or those who ask about ransomware recovery. The 60% account takeover statistic and the 14-day manual restore figure are powerful conversation starters.
  2. Simple to position, simple to license
    Sophos Backup and Recovery for M365 is a standalone product available to new and existing customers. It doesn’t require any other Sophos product to purchase or deploy. One per-user license covers all four workloads with software and storage included, making it easy to quote and easy for customers to understand.It’s an especially strong fit for:

    • M365 customers with 200 or more seats
    • Organizations in regulated industries with long-term retention requirements beyond Microsoft’s defaults
    • IT teams with limited staff who need automated protection without operational overhead
    • Customers who have experienced ransomware or account compromise and now recognize the gap
  3. Integrated with Sophos Central — no additional console to run
    For partners already managing customers in Sophos Central, Sophos Backup and Recovery for M365 sits inside the same console alongside endpoint, email, firewall, and MDR management. Role-based access control and delegated admin permissions are already built in, supporting how MSP teams are typically structured. For partners running Sophos MDR for customers, the integration is particularly powerful. When an MDR analyst identifies a ransomware event or account compromise, the recovery workflow is a natural next step within the same platform — not a context switch to a separate system.
  4. Strengthen your cybersecurity story beyond the perimeter
    Customers and insurers increasingly expect cyber resilience to include recovery capability, not just prevention. Backup is now a standard question in cyber insurance applications. Offering Sophos M365 Backup and Recovery alongside your existing Sophos security stack gives you a more complete answer to the resilience conversation — and a stronger QBR narrative around the operational maturity you’re delivering.
  5. Multi-geo storage supports data residency requirements
    Data can be stored in the region of the customer’s choice, supporting data residency requirements for customers operating in the EU, UK, APAC, and other regions where local data sovereignty matters.

Use Cases to Lead With

The most effective customer conversations start with a specific scenario rather than a capability list. These six use cases are the ones most likely to resonate:

  • Ransomware Recovery — Restore clean versions of SharePoint, OneDrive, and mailbox data after an attack. Air-gapped, immutable backups remain intact even when admin credentials are compromised.
  • Accidental Deletion — Recover emails, files, and Teams content instantly, even after Microsoft’s recycle bin has expired. One of the most frequent IT support requests — and one of the easiest wins to demonstrate.
  • Malicious Insider Damage — Immutable backups remain recoverable regardless of what an insider deletes, corrupts, or tampers with in retention policies.
  • Compliance and Long-Term Retention — Meet GDPR, HIPAA, and other requirements with retention policies extending well beyond Microsoft’s defaults. Particularly relevant for healthcare, finance, and legal sector customers.
  • Large-Scale Corruption and Misconfiguration — Restore entire sites or mailboxes to a known-good state after sync failures, mass overwrites, or administrative errors.
  • Business Continuity and Disaster Recovery — Zone-redundant storage and automated failover keep M365 data accessible and recoverable during data centre failures and regional outages.

Availability and Next Steps

Sophos Backup and Recovery for M365 is available now. It is a standalone product — no other Sophos product is required, though it works best as part of a broader Sophos portfolio.

Visit the Sophos Partner Portal for pricing, sales resources and product collateral — available now for use in customer conversations.

If you need assistance, please reach your Sophos channel account manager or local distributor to discuss positioning in your current customer accounts.

About the Author

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.