Skip to main content

Stack: Microsoft 365

Okta disaster recovery for teams running Microsoft 365 federated through Okta

When Okta federates Microsoft 365 authentication, a single change to the Okta-side configuration can knock the entire workforce out of email, Teams, OneDrive, and SharePoint simultaneously. The blast radius is total. This is exactly the scenario that drives boards and audit committees to ask: do we have an identity-layer recovery plan?

Butterfly captures versioned snapshots of the Okta configuration governing Microsoft 365 federation — the federation app, the assigned groups, the sign-on policy, the SCIM provisioning feed (for organizations using Okta as authoritative source), and Workflows automations. Restore preview shows the exact diff before any revert.

Book a 30-min demo with MickStart the free trial

What you get

How Butterfly fits Microsoft 365

Microsoft 365 federation app is versioned

Every backup captures the Okta-side Microsoft 365 app integration — federation trust configuration, attribute mappings, assigned groups, and sign-on policy.

Sign-on policy changes are diffable at the population level

Restore preview surfaces who would be affected by a sign-on policy change before any revert. Tightening MFA was intended for engineering — restore preview shows the exact group expression so you do not accidentally re-MFA the executive team.

Workflows automations keeping Okta and Microsoft 365 in sync

If your team uses Workflows to mirror Okta group changes into Microsoft 365 group membership, those flows are captured per snapshot.

What goes wrong

Three incidents you have already seen variations of

Federation policy change locks the entire workforce out of email

A device-trust tightening intended for engineering caught the global group expression. The entire workforce — including executives — could not reach email or Teams. Restore preview surfaces the policy diff and the scope of the affected population.

Authentication policy authenticator change degrades MFA posture

A simplification of authenticator-enrollment policy unintentionally allowed an authenticator class that does not satisfy your security baseline. Restore preview surfaces the policy diff.

Group rule deletion drops a regional office

A directory cleanup removed a group rule that fed the EMEA-office group, which gated Microsoft 365 license assignment. Restore preview surfaces the rule and the membership delta.

Honest scope

What Butterfly captures — and what it does not

In scope

The Okta-side configuration governing Microsoft 365 access: the federation app integration, attribute mappings, assigned users and groups, group rules, sign-on and authentication policies, SCIM provisioning configuration (where used), and Workflows automations.

Out of scope

We do not back up Microsoft 365 mailboxes, OneDrive content, SharePoint sites, or any Microsoft 365 user data. Microsoft 365-side backup is handled by tools purpose-built for that surface.

Plans

Free, Standard, or Business

Free

$0 / forever

  • 1 Okta connection
  • 7-day retention
  • 1 total backup
  • No credit card

Standard

$1 / user / month — $99 minimum

  • 2 Okta connections
  • 90-day retention
  • Restore preview + dry-run
  • Audit Pack PDF (framework-filterable)

Business

$2 / user / month — $299 minimum

  • Unlimited Okta connections
  • Unlimited retention
  • Continuity (warm standby)
  • Priority restore support

Pricing reference: /upgrade. Provider coverage today: Okta, Okta Workflows, Auth0.

Regulatory shape

Compliance and audit angle

SOC 2 CC6 / CC7, ISO 27001 A.5.16 / A.5.30, HIPAA 164.308(a)(7) (contingency plan), and GDPR Article 32 all expect the identity layer governing workforce-collaboration tools to be both restricted and demonstrably restorable.

Butterfly's own SOC 2 Type II work is in progress; current status lives in the Trust Center.

Frequently asked

FAQ

Does Butterfly back up Microsoft 365 mailboxes?

No. Butterfly backs up the Okta configuration governing Microsoft 365 access. Mailbox / file / SharePoint backup is a separate category.

We use Microsoft Entra ID alongside Okta — does Butterfly support that?

Butterfly's supported providers today are Okta, Okta Workflows, and Auth0. For Entra ID coverage, see our roadmap or contact us via butterflysecurity.org/contact.

How do we restore just one app integration?

Restore preview lets you pick the scope — single app, single policy, single group — before committing.

Recover your Okta org in minutes, not hours

Talk to Mick (the founder) for a 30-minute demo, or start the free trial. No credit card for the free tier.

Book a 30-min demo with MickStart the free trial

More stacks

Okta DR for other stacks

AWS infrastructureDatabricksSnowflakeSalesforceHubSpotGoogle WorkspaceGitHub EnterpriseSlackJira SoftwareNotionZoomDatadog1Password BusinessGitHub + Okta SSOAWS IAM Identity CenterSalesforce + Okta SSOAtlassian stackFinancial servicesHealthcare provider

Trust posture, subprocessors, and security details: Trust Center.