> ## Documentation Index
> Fetch the complete documentation index at: https://docs.petrasecurity.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Changelog

<Update label="July 3, 2026">
  ## Version History for Conditional Access Policies

  You can now see the version history of your Conditional Access Policies in Petra. Use this when analyzing how the policy's scope has changed over time regarding users, locations, or apps in scope.

  You can find this on a Policy's page, under the “History” tab where you can see each time a policy has changed and the exact difference between two versions.

  <Frame caption="Version History for Conditional Access Policies - View Details">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/XUk23A31LOm9PZJX/images/cap-version-history-view-details.png?fit=max&auto=format&n=XUk23A31LOm9PZJX&q=85&s=6a39bfa09bcba4365fcc808eb3d6d8df" alt="Version History for Conditional Access Policies - View Details" width="3108" height="1904" data-path="images/cap-version-history-view-details.png" />
  </Frame>

  <Frame caption="Version History for Conditional Access Policies - Copy Details">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/XUk23A31LOm9PZJX/images/cap-version-history-copy-details.png?fit=max&auto=format&n=XUk23A31LOm9PZJX&q=85&s=e94f73baa5d0cbb84ed1a5a109c1902e" alt="Version History for Conditional Access Policies - Copy Details" width="3308" height="1902" data-path="images/cap-version-history-copy-details.png" />
  </Frame>
</Update>

<Update label="June 26, 2026">
  ## Analyze Report-only Conditional Access Policies and User Groups

  You can now analyze Report-only Conditional Access Policies and User Groups in Petra. Use this to evaluate the potential impact of new Policies and handle exceptions for certain users.

  The Policy page now shows which logins “would be blocked” and allows you to click into a User Group to view or edit its members.

  <Frame caption="Analyze Report-only Conditional Access Policies and User Groups">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/lpCU40kMxX_dnJAO/images/report-only-caps.png?fit=max&auto=format&n=lpCU40kMxX_dnJAO&q=85&s=042ee35ea2c77ccd28bf392de2e1ba9b" alt="Analyze Report-only Conditional Access Policies and User Groups" width="2614" height="1304" data-path="images/report-only-caps.png" />
  </Frame>
</Update>

<Update label="June 19, 2026">
  ## View Conditional Access Policies

  You can now view your Conditional Access Policies (CAPs) across all your tenants in Petra. Use this to get a view of the status, configuration, and impact of each policy.

  This is available on the Policies page. Each policy can be clicked into to dive deeper into its scope and sign-ins blocked by the policy.

  <Frame caption="View Conditional Access Policies">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/UrQipSHsRIg-5fik/images/view-caps.png?fit=max&auto=format&n=UrQipSHsRIg-5fik&q=85&s=97122307782e328105598b65d94fa1a3" alt="View Conditional Access Policies" width="3182" height="1490" data-path="images/view-caps.png" />
  </Frame>
</Update>

<Update label="June 12, 2026">
  ## View Which Conditional Access Policy Blocked Sign-In

  You can now see which Conditional Access Policy (CAP) caused a sign-in to be blocked. Use this to see exactly which CAPs were evaluated for a sign-in and what triggered the blocking policy.

  This is available in the Petra Activity viewer, by clicking the Information icon which will open a drawer of the CAPs on the tenant and the corresponding results.

  <Frame caption="View Which Conditional Access Policy Blocked Sign-In">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/ZUJOOE18RT8hBbys/images/view-which-cap-blocked-sign-in.png?fit=max&auto=format&n=ZUJOOE18RT8hBbys&q=85&s=bc509bcdbe2f6473a3d59fe807613d21" alt="View Which Conditional Access Policy Blocked Sign-In" width="3444" height="1780" data-path="images/view-which-cap-blocked-sign-in.png" />
  </Frame>
</Update>

<Update label="June 5, 2026">
  ## Ad Hoc Cross-Tenant Phish Removal

  We've seen a big rise in sophisticated phishing campaigns, so we've expanded Cross-Tenant Phish Revocation and made it accessible even outside of an incident.

  You can now look for a malicious Subject or Sender, and remove all emails from them, before an incident occurs and across all tenants with one click.

  To see it in action, go to the Admin pane, click Emails, and click Cross-Tenant Phish Removal.

  <Frame caption="Ad Hoc Cross-Tenant Phish Removal">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/bXvIC-Q9W3N3Xwxc/images/cross-tenant-phish-removal-no-incident.png?fit=max&auto=format&n=bXvIC-Q9W3N3Xwxc&q=85&s=40f59f34cc5f1f6fae53a3c0925172e9" alt="Ad Hoc Cross-Tenant Phish Removal" width="3134" height="1586" data-path="images/cross-tenant-phish-removal-no-incident.png" />
  </Frame>
</Update>

<Update label="May 29, 2026">
  ## Domain Spoofing Scan

  Given the recent uptick in Direct Send attacks, this week we shipped a new [Domain Spoofing Scan](/investigating/domain-spoofing). Use this when a client asks about an email they received from "themself."

  This scan includes suggested steps to harden the environment and a new client-ready [Domain Spoofing Report](/reporting/domain-spoofing-report) to reinforce the value you're providing.

  You can run a Domain Spoofing Scan by going to the tenant page and selecting "Domain Spoofing" at the top.

  <Frame caption="Domain Spoofing Scan">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/SHnUfeDIYpyIuq1Y/images/domain_spoofing_scan.png?fit=max&auto=format&n=SHnUfeDIYpyIuq1Y&q=85&s=818dd9484a0fae0712ffd828f8699301" alt="Domain Spoofing Scan" width="3244" height="1848" data-path="images/domain_spoofing_scan.png" />
  </Frame>

  <Frame caption="Domain Spoofing Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/SHnUfeDIYpyIuq1Y/images/domain_security_report_domain_page.png?fit=max&auto=format&n=SHnUfeDIYpyIuq1Y&q=85&s=f4259e7b7586c29caeb189b9dfcab10e" alt="Domain Spoofing Report" width="1412" height="1590" data-path="images/domain_security_report_domain_page.png" />
  </Frame>
</Update>

<Update label="May 22, 2026">
  ## User Activity Report

  We shipped a new [User Activity Report](/reporting/user-activity-report). This report highlights a user's sensitive M365 activity, such as accessing financial documents or sending emails to external contacts.

  This report is helpful for ad hoc investigations into a specific user - for example, summarizing the activity of an employee who recently quit.

  You can generate these reports by going to a tenant, scrolling down to the Activity logs section, and clicking the "User Activity" button.

  <Frame caption="User Activity Report (Cover)">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/CzBcdPLQ6i_mNQt8/images/user_activity_report_cover.png?fit=max&auto=format&n=CzBcdPLQ6i_mNQt8&q=85&s=97f437a8183b08667a9c89f7f14d6c4e" alt="User Activity Report" width="1862" height="1042" data-path="images/user_activity_report_cover.png" />
  </Frame>

  <Frame caption="User Activity Report (Exchange)">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/CzBcdPLQ6i_mNQt8/images/user_activity_report_exchange.png?fit=max&auto=format&n=CzBcdPLQ6i_mNQt8&q=85&s=88dbe6cc555c487af10528db7820ab2a" alt="User Activity Report" width="1858" height="1022" data-path="images/user_activity_report_exchange.png" />
  </Frame>

  <Frame caption="User Activity Report (SharePoint)">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/CzBcdPLQ6i_mNQt8/images/user_activity_report_sharepoint.png?fit=max&auto=format&n=CzBcdPLQ6i_mNQt8&q=85&s=6d1a3cfc4e77749903abe266f32a7e7a" alt="User Activity Report" width="1858" height="1024" data-path="images/user_activity_report_sharepoint.png" />
  </Frame>
</Update>

<Update label="May 15, 2026">
  ## Sales Role

  We added a new [Sales](/settings/member-roles-and-permissions#sales) role for your team. This lets your sales team sell Petra to your customers and prospects without giving them total access to your other tenants.

  <Frame caption="Sales Role">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/kbGBccUYDs4pQP5T/images/sales_user.png?fit=max&auto=format&n=kbGBccUYDs4pQP5T&q=85&s=3187c1f4b8338722631209b4121d7c92" alt="Sales Role" width="1016" height="1192" data-path="images/sales_user.png" />
  </Frame>
</Update>

<Update label="May 8, 2026">
  ## Attack Method in Incident Report

  We now show how a user's credentials were stolen leading to the account compromise in the Incident Report's summary section.

  This helps you tell a clear story of what happened to your clients as their trusted security advisor, especially when showcasing retrospective compromises to sell Petra monitoring.

  <Frame caption="Attack Method in Incident Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/muvIvvlUGxQBotpX/images/how_compromise_happened_in_report.png?fit=max&auto=format&n=muvIvvlUGxQBotpX&q=85&s=6d584399ee52df9246423ed0171749be" alt="Attack Method in Incident Report" width="2102" height="1468" data-path="images/how_compromise_happened_in_report.png" />
  </Frame>
</Update>

<Update label="May 1, 2026">
  ## Get onboarded tenants in the API

  We added a new [API endpoint](/api-reference/endpoints/get-tenants) to get your tenants on Petra.

  > **Note:**  You can get an API key by going to [Settings -> API](https://app.petrasecurity.com/settings/api-keys).

  <Frame caption="Get onboarded tenants in the API">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/A6p0qVUTwfOHrFOR/images/get-tenants-api-endpoint.png?fit=max&auto=format&n=A6p0qVUTwfOHrFOR&q=85&s=cbc5aaf018d9b2c0128d0a160f71a00a" alt="Get onboarded tenants in the API" width="1278" height="608" data-path="images/get-tenants-api-endpoint.png" />
  </Frame>
</Update>

<Update label="April 24, 2026">
  ## Get failed attacks in the API

  We added a new [API endpoint](/api-reference/endpoints/get-failed-attacks) to get failed attack data. This allows you to build your own custom reports with the same data that powers our white-labeled monthly [Tenant Security Reports](/reporting/tenant-report).

  > **Note:**  You can get an API key by going to [Settings -> API](https://app.petrasecurity.com/settings/api-keys).

  <Frame caption="Get failed attacks in the API">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/3_dO5akwZ6Pzdnbf/images/get-failed-attacks-api-endpoint.png?fit=max&auto=format&n=3_dO5akwZ6Pzdnbf&q=85&s=94449469627edd4a867f4b83130acd6f" alt="Get failed attacks in the API" width="1266" height="540" data-path="images/get-failed-attacks-api-endpoint.png" />
  </Frame>
</Update>

<Update label="April 17, 2026">
  ## Cross-Tenant Phish Revocation

  Petra now searches across all of your tenants to find and revoke the phish before more users fall for it. We often see the same phishing campaign hit multiple tenants. Now when the first compromise is detected, it's kicked out of everyone's mailbox.

  This means every one of your clients benefits from the threat intel you get from any compromise.

  You'll find this below the tagged phish in an incident's Remediation Actions panel.

  <Frame caption="Cross-Tenant Phish Revocation">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/j96fj7AdhG81XnGx/images/cross-tenant-phish-revocation.png?fit=max&auto=format&n=j96fj7AdhG81XnGx&q=85&s=dfab44e1f6bfad62159b183f47b29738" alt="Cross-Tenant Phish Revocation" width="1982" height="830" data-path="images/cross-tenant-phish-revocation.png" />
  </Frame>
</Update>

<Update label="April 10, 2026">
  ## Get incidents in the API

  We added a new [API endpoint](/api-reference/endpoints/get-incidents) to get Petra incidents. This allows you to build workflows and automations.

  > **Note:**  You can get an API key by going to [Settings -> API](https://app.petrasecurity.com/settings/api-keys).

  <Frame caption="Get incidents in the API">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/3_dO5akwZ6Pzdnbf/images/get-incidents-in-api.png?fit=max&auto=format&n=3_dO5akwZ6Pzdnbf&q=85&s=3a719991a160751d78ff486b6a06411e" alt="Get incidents in the API" width="1282" height="448" data-path="images/get-incidents-in-api.png" />
  </Frame>
</Update>

<Update label="April 3, 2026">
  ## White Labeled Example Reports

  The Marketing Hub now offers these white-labeled example reports:

  * Incident Report
  * Tenant Report
  * Scan Report

  These white-labeled example reports are built to help you sell M365 monitoring to your customer base and prospective customers.

  > **Note:** You can set your logo in Branding settings [here](https://app.petrasecurity.com/settings/branding).

  <Frame caption="White Labeled Example Reports">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/IE99mXOVu4lfgz8g/images/whitelabeled-marketing-hub.png?fit=max&auto=format&n=IE99mXOVu4lfgz8g&q=85&s=1b6407e97fb455ee2844ea551d36089b" alt="White Labeled Example Reports" width="3456" height="1908" data-path="images/whitelabeled-marketing-hub.png" />
  </Frame>
</Update>

<Update label="March 27, 2026">
  ## Attacker Retains Password

  Petra now surfaces past compromises in which the attacker's session was revoked, but the account password was not reset. Even if an attacker was locked out of an account, they can get back in if the password was last set prior to the compromise.

  <Frame caption="Attacker Retains Password">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/hg_wpxmhnJmZO37z/images/attacker_retains_password.jpg?fit=max&auto=format&n=hg_wpxmhnJmZO37z&q=85&s=021a4cf2cb1769391bbf02d57cd8ce24" alt="Attacker Retains Password" width="2132" height="358" data-path="images/attacker_retains_password.jpg" />
  </Frame>
</Update>

<Update label="March 20, 2026">
  ## View Tenant Apps

  You can now view a tenant's installed applications. Go to the tenant's page, scroll down to Admin, and select Apps.

  <Frame caption="View Tenant Apps">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/hg_wpxmhnJmZO37z/images/tenant_apps.jpg?fit=max&auto=format&n=hg_wpxmhnJmZO37z&q=85&s=0aa46af0e8477eab6600292693097400" alt="View Tenant Apps" width="3244" height="804" data-path="images/tenant_apps.jpg" />
  </Frame>
</Update>

<Update label="March 13, 2026">
  ## Dwell Time Tag

  The new "Dwell Time" gives you digestible info at a glance after onboarding new clients who have past compromises before Petra was installed.

  <Frame caption="Dwell Time Tag">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/hp7AFgSY3AYstle-/images/dwell_time_tags.jpg?fit=max&auto=format&n=hp7AFgSY3AYstle-&q=85&s=1691e174f8891694c19159d7b3744f9a" alt="Dwell Time Tag" width="11944" height="4356" data-path="images/dwell_time_tags.jpg" />
  </Frame>
</Update>

<Update label="March 6, 2026">
  ## Update GDAP Relationships from Partner Center

  You can now push new GDAP relationships to your tenants from our Partner Center portal. This allows you to more easily onboard tenants to Petra without manually setting up relationships in Microsoft Partner Center.

  <Frame caption="Update GDAP Relationships from Partner Center">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/s-rSov6-X9JX_vyF/images/create-petra-gdap-relationship.png?fit=max&auto=format&n=s-rSov6-X9JX_vyF&q=85&s=3a5e8160a51259a66249ecf43ccff632" alt="Update GDAP Relationships from Partner Center" width="2874" height="1314" data-path="images/create-petra-gdap-relationship.png" />
  </Frame>
</Update>

<Update label="February 27, 2026">
  ## Partner Center

  Now you can connect Microsoft Partner Center to save time by one-click adding new tenants and bulk-updating permissions to take advantage of new Petra features.

  Link it by clicking “Add Tenants” button in the nav bar or by [clicking here](https://app.petrasecurity.com/portal).

  <Frame caption="Partner Center">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/JoYXwSFAbLFcKZdj/images/partner_center.png?fit=max&auto=format&n=JoYXwSFAbLFcKZdj&q=85&s=7603c37271bbd9d78dbf57a9096c7b2e" alt="Partner Center" width="3450" height="1400" data-path="images/partner_center.png" />
  </Frame>
</Update>

<Update label="February 20, 2026">
  ## Billing Role & Granular Member Permissions

  We've given you more control around who can do what in Petra:

  * Invite your finance team under the new **Billing Only** role to give them access limited to viewing the billing page and editing payment methods.
  * Members can now be configured with these new permissions:
    * **Can onboard and modify tenants**
    * **Can view sensitive tenants**

  <Frame caption="Billing Role & Granular Member Permissions">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/d4blh55t3d8tNKsT/images/billing-role-and-member-permissions.png?fit=max&auto=format&n=d4blh55t3d8tNKsT&q=85&s=aaf0cc6bbc2b76240106d474dc5bbb15" alt="Billing Role & Granular Member Permissions" width="1018" height="1156" data-path="images/billing-role-and-member-permissions.png" />
  </Frame>

  <Frame caption="Billing Only Portal">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/d4blh55t3d8tNKsT/images/billing-only-portal.png?fit=max&auto=format&n=d4blh55t3d8tNKsT&q=85&s=7060d66a3d0262a08d9b891b6ba309d3" alt="Billing Only Portal" width="2508" height="1162" data-path="images/billing-only-portal.png" />
  </Frame>
</Update>

<Update label="February 13, 2026">
  ## PSA Billing Integrations

  Petra now syncs billing data directly to your PSA. Billing integrations are available for **ConnectWise**, **Autotask**, and **Halo PSA**. Configure billing sync in [Settings](https://app.petrasecurity.com/settings) and follow the updated setup guides:

  * [ConnectWise PSA](/integrations/connectwise)
  * [Autotask PSA](/integrations/autotask)
  * [Halo PSA](/integrations/halo)

  Each integration guide now includes a dedicated **Billing** section with the additional permissions and configuration required for billing sync.
</Update>

<Update label="February 6, 2026">
  ## Itemized Billing Report

  The Billing Excel sheet now includes per-tenant tabs that break down each billable user and their prorated cost based on when they were added to Petra. You can download this sheet in [billing settings](https://app.petrasecurity.com/settings/usage).

  > **Note:** Itemized billing data is only available since January 2026. Prior reports only include the Summary page.

  <Frame caption="Itemized Billing Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/JdtchcM5nWSUFqCv/images/itemized_billing_report.png?fit=max&auto=format&n=JdtchcM5nWSUFqCv&q=85&s=2c4c31c291bc4cb411f2819ab6b53722" alt="Itemized Billing Report" width="3448" height="1946" data-path="images/itemized_billing_report.png" />
  </Frame>
</Update>

<Update label="January 30, 2026">
  ## Custom Webhooks

  **Custom Webhooks** let you automatically send Petra incident alerts to any external service, like Zapier or other automation tools, whenever we detect a compromise. You can customize the HTTP method, headers, and JSON payload to fit your workflow. Find it in [Settings](https://app.petrasecurity.com/settings).

  <Frame caption="Custom Webhooks">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/wrD0C1EiJmY9YZuv/images/custom_webhooks.png?fit=max&auto=format&n=wrD0C1EiJmY9YZuv&q=85&s=fdcf3173483df63240065fbf8a568dc4" alt="Custom Webhooks" width="1326" height="1636" data-path="images/custom_webhooks.png" />
  </Frame>
</Update>

<Update label="January 23, 2026">
  ## The Autopsy Report

  A **Petra Autopsy** investigates the last 6 months of a tenant's activity to uncover attacks and compile forensics. Our new white-labeled **Autopsy Report** transforms 6 months of tenant forensics into a sales-ready document for your client meetings. We hope you use it to demonstrate real security gaps your clients didn't know existed and make deploying Petra a no-brainer for your client.

  What it reveals:

  <ul>
    <li>Previously remediated compromises with deeper analysis</li>
    <li>Active attackers still in the account</li>
    <li>Gaps in existing ITDR solutions</li>
  </ul>

  > **Note:** New MSPs receive an Autopsy with their Petra trial.

  <Frame caption="Cover Page">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/qwZ7mKJfjlfiFZIx/images/autopsy_report_1.png?fit=max&auto=format&n=qwZ7mKJfjlfiFZIx&q=85&s=b9f5ca3483618cd8c66cf82855889032" alt="Cover Page" width="2702" height="1520" data-path="images/autopsy_report_1.png" />
  </Frame>

  <Frame caption="Confirmed Compromises">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/qwZ7mKJfjlfiFZIx/images/autopsy_report_2.png?fit=max&auto=format&n=qwZ7mKJfjlfiFZIx&q=85&s=b75c29687d5f3c14d8d79407b0af0320" alt="Confirmed Compromises" width="2556" height="1386" data-path="images/autopsy_report_2.png" />
  </Frame>

  <Frame caption="Attacker Found Late">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/qwZ7mKJfjlfiFZIx/images/autopsy_report_3.png?fit=max&auto=format&n=qwZ7mKJfjlfiFZIx&q=85&s=80bf53e56dcc6f688f5fd0a389084528" alt="Attacker Found Late" width="2550" height="1478" data-path="images/autopsy_report_3.png" />
  </Frame>
</Update>

<Update label="January 16, 2026">
  ## Redacted Incident PDF

  **Redacted Incident PDFs** help you demonstrate real compromises in sales pitches while protecting client data. To download this report, navigate to an incident in the Petra dashboard, click **"Download Report"**, and select **"Redacted PDF Report"** in the dropdown.

  > **Reminder:** When sharing your screen to showcase incidents to other clients, you can redact PII by clicking the **Anonymize** button on the top right of the Incident page.

  <Frame caption="Redacted Incident PDFs">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/Kd9BJXavT5ZVee5B/images/redacted_incident_pdf.png?fit=max&auto=format&n=Kd9BJXavT5ZVee5B&q=85&s=5c983a44ab9fd61b0d3db2c02711bbef" alt="Redacted Incident PDFs" width="1338" height="1390" data-path="images/redacted_incident_pdf.png" />
  </Frame>

  <Frame caption="Redacted Incident PDF">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/zLiMGzuYfWtP2S4x/images/download_redacted_pdf_report.png?fit=max&auto=format&n=zLiMGzuYfWtP2S4x&q=85&s=93261161260bb6735c577e40d4697d77" alt="Download Redacted Incident PDF" width="3454" height="1564" data-path="images/download_redacted_pdf_report.png" />
  </Frame>

  ## Analyst Summary in the Incidents List

  The list of previous incidents now includes a detailed **Analyst Summary** section, making it easier to distinguish between incidents. This helps you select a more compelling and diverse set of previous compromises when engaging prospective clients.

  <Frame caption="Analyst Summary in the Incidents List">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/uFF5Z33bOD4BUnA5/images/analyst_summary_in_incidents_view.png?fit=max&auto=format&n=uFF5Z33bOD4BUnA5&q=85&s=7adeddb9e33d91e3940d14348973acee" alt="Analyst Summary in the Incidents List" width="3434" height="1004" data-path="images/analyst_summary_in_incidents_view.png" />
  </Frame>
</Update>

<Update label="January 9, 2026">
  ## Incident Summary

  Now the incident page has an “Incident Summary” section which succinctly highlights the most important details of the attack. This enables account managers and salespeople to tell a clear story of the attack, rather than overwhelm the client or prospect with information.

  <Frame caption="Incident Summary">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/kblvC9U6K0Wqb-WO/images/incident_summary.png?fit=max&auto=format&n=kblvC9U6K0Wqb-WO&q=85&s=16c47a054f38aacf6529c789edee75b7" alt="Incident Summary" width="3404" height="1454" data-path="images/incident_summary.png" />
  </Frame>

  ## Tenant Onboarding Tracker

  When adding new tenants, you'll now see a streamlined onboarding tracker that displays real-time status updates. This gives you clearer visibility into each tenant's onboarding progress and lets you anticipate exactly when they'll be fully set up.

  <Frame caption="Tenant Onboarding Tracker">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/w-Nl002hESaF44zb/images/pizza_tracker.png?fit=max&auto=format&n=w-Nl002hESaF44zb&q=85&s=e6b965a749a3076ec1eeca56140c5c62" alt="Tenant Onboarding Tracker" width="2702" height="316" data-path="images/pizza_tracker.png" />
  </Frame>
</Update>

<Update label="December 19, 2025">
  ## Tenant Report Redesign

  The Tenant Report has been redesigned! We've listened to your feedback and added the most requested features and improvements. Go check out the new [Report Generator](https://app.petrasecurity.com/report-generator).

  > **Reminder:** You can configure automatic sending of Tenant Reports at the end of every month by going to [Settings](https://app.petrasecurity.com/settings) and adding your organization's emails in the **"Automated Monthly Reports (Internal emails only)"** section.

  <Frame caption="Tenant Report Redesign">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/e1vrxuh0WBM4wmOZ/images/new_security_report.png?fit=max&auto=format&n=e1vrxuh0WBM4wmOZ&q=85&s=ee51451b5c40f78159636db5b3aa0e3f" alt="Tenant Report Redesign" width="3434" height="1858" data-path="images/new_security_report.png" />
  </Frame>
</Update>

<Update label="December 12, 2025">
  ## Anonymize Incidents

  You can now anonymize an incident to help you show any quickly caught incident as a victory lap, and any Autopsy as a cautionary tale. Go to an incident page, click the Anonymize button on the top right, and select which information should be hidden.

  <Frame caption="Anonymize Incidents">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/ZP1zyxgb5VurHq7K/images/anonymize_incident.png?fit=max&auto=format&n=ZP1zyxgb5VurHq7K&q=85&s=cd2981f89c59fa43daaa971538a375ed" alt="Anonymize Incidents" width="3436" height="1970" data-path="images/anonymize_incident.png" />
  </Frame>
</Update>

<Update label="December 5, 2025">
  ## The Marketing Hub

  The Marketing Hub offers a collection of documents, slides, and waivers that are meant to help you share the value of Petra ITDR with your clients. Navigate here by clicking the "Marketing" tab in the navbar or by [clicking here](https://app.petrasecurity.com/marketing).

  Today, the Marketing Hub offers the following resources:

  <ul>
    <li><b>Autopsy One-Pager:</b> One-page overview of Petra autopsy capabilities and incident investigation workflow</li>
    <li><b>Example Report (with ITDR):</b> Sample security report showcasing enhanced detection capabilities with Petra ITDR</li>
    <li><b>Forensic Analysis One-Pager:</b> One-page overview of Petra forensic analysis capabilities and threat detection</li>
    <li><b>Threat Intel - ITDR (white labeled):</b> White-label ready threat intelligence presentation on ITDR capabilities and insights</li>
    <li><b>Opt-Out Campaign Toolkit:</b> Documentation and guide for the Petra opt-out campaign toolkit and resources</li>
    <li><b>Waiver - ITDR Opt-Out:</b> Opt-out waiver document for ITDR services and related terms</li>
    <li><b>Two-Pager - Why ITDR + Why Petra:</b> Two-page overview document highlighting Petra ITDR capabilities</li>
    <li><b>Two-Pager - Why M365 Monitoring (white labeled):</b> Two-page overview document highlighting general M365 ITDR capabilities</li>
    <li><b>How To Categorize Your Risk:</b> Presentation slide providing guidance on categorizing and assessing security risks</li>
    <li><b>Why M365 Protection Matters:</b> Presentation slide explaining the importance of Microsoft 365 security protection</li>
  </ul>

  <Frame caption="The Marketing Hub">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/5t4kEJQrSV57TM03/images/marketing_hub.png?fit=max&auto=format&n=5t4kEJQrSV57TM03&q=85&s=b55419db57bc3593d190b50683cf8291" alt="Marketing Hub" width="3410" height="1974" data-path="images/marketing_hub.png" />
  </Frame>
</Update>

<Update label="November 28, 2025">
  ## View Tenant-Wide MFA Enforcement

  You can now see whether MFA is enforced for every user in a tenant directly from the tenant homepage. Both legacy MFA methods and enforcement through Conditional Access Policies are shown.

  <Frame caption="View Tenant-Wide MFA Enforcement">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/5t4kEJQrSV57TM03/images/mfa_enforced_by_cap.png?fit=max&auto=format&n=5t4kEJQrSV57TM03&q=85&s=85af5faadba9d9c285e82d60c03f5d7f" alt="View Tenant-Wide MFA Enforcement" width="3312" height="760" data-path="images/mfa_enforced_by_cap.png" />
  </Frame>
</Update>

<Update label="November 21, 2025">
  ## SOC Incident Highlighting

  Our SOC highlights especially relevant or noteworthy incidents for your clients with a star. This helps you quickly spot the most important incidents to showcase, even when Petra detects many incidents.

  <Frame caption="SOC Incident Highlighting">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/5t4kEJQrSV57TM03/images/soc_incident_favoriting.png?fit=max&auto=format&n=5t4kEJQrSV57TM03&q=85&s=a61979ea2752fb724411908566e4dbaf" alt="Read-Only Members" width="3428" height="842" data-path="images/soc_incident_favoriting.png" />
  </Frame>
</Update>

<Update label="November 14, 2025">
  ## Read-Only Members

  You can now assign read-only status to members within your organization. Read-only members are restricted to viewing content and cannot perform any actions in the app. By default, all existing users are not set to read-only, and this setting is also not set for new members unless specified. You can designate a member as read-only either when inviting them or by updating their permissions at any time in the Settings -> Access page.

  <Frame caption="Read-Only Members">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/YSsJ3gkL6-kIz_vA/images/read_only_users.png?fit=max&auto=format&n=YSsJ3gkL6-kIz_vA&q=85&s=341c5e80854900ecd195e4f17f7fa66d" alt="Read-Only Members" width="1012" height="982" data-path="images/read_only_users.png" />
  </Frame>
</Update>

<Update label="November 7, 2025">
  ## Delete Malicious Inbox Rules

  You can now delete inbox rules from the Threat Remediation Actions panel.

  <Frame caption="Delete Inbox Rules">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/SygMJSPiyPHdVHhP/images/delete_inbox_rules.png?fit=max&auto=format&n=SygMJSPiyPHdVHhP&q=85&s=13aa6e0a605c716dc55d32eb32a7718b" alt="Delete Inbox Rules" width="1694" height="488" data-path="images/delete_inbox_rules.png" />
  </Frame>
</Update>

<Update label="October 31, 2025">
  ## New Remediation Actions Panel

  The Threat Remediation Actions panel has been updated with a clearer layout, making it easier to find and perform the actions you need.

  <Frame caption="New Remediation Actions Panel">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/OX5Ob6jj40iUWxIS/images/new_remediation_actions_panel.png?fit=max&auto=format&n=OX5Ob6jj40iUWxIS&q=85&s=dd51486cdb17643d4cad69269f765fad" alt="New Remediation Actions Panel" width="3206" height="1786" data-path="images/new_remediation_actions_panel.png" />
  </Frame>
</Update>

<Update label="October 24, 2025">
  ## International Text Alerts

  International text alerts are now supported for UK (+44) numbers. When an incident occurs, we can send SMS notifications to members of your organization in the US and the UK. To use this feature, go to "Settings" > "Notifications" > "Texts" and choose the appropriate country code for each recipient.

  <Frame caption="International Text Alerts">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/OX5Ob6jj40iUWxIS/images/international_text_alerts.png?fit=max&auto=format&n=OX5Ob6jj40iUWxIS&q=85&s=97af6366c2de112f05c84478e0ea6e3a" alt="International Text Alerts" width="1068" height="176" data-path="images/international_text_alerts.png" />
  </Frame>
</Update>

<Update label="October 17, 2025">
  ## Threat Remediation Report Includes Phish

  Improved the Threat Remediation Report to include the phish that led to the compromise.

  <Frame caption="Phish in Threat Remediation Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/RT3SwqZdrytmoG8M/images/threat_remediation_report_with_phish.png?fit=max&auto=format&n=RT3SwqZdrytmoG8M&q=85&s=95b9b0418d1d8e902bd9b08f2ef5ad62" alt="Phish in Threat Remediation Report" width="1800" height="1844" data-path="images/threat_remediation_report_with_phish.png" />
  </Frame>
</Update>

<Update label="October 10, 2025">
  ## Rogue Apps & Remnant Inbox Rule Incident Redesign

  We redesigned the Rogue Apps and Remnant Inbox Rule incidents to show all available context and remediation options.
</Update>

<Update label="October 3, 2025">
  ## Historical Usage Data

  You can now select a past month to see historical usage data.

  <Frame caption="Historical Usage Data">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/xxE2XsN9vj6Cz3pv/images/historical_usage_data.png?fit=max&auto=format&n=xxE2XsN9vj6Cz3pv&q=85&s=ab661aa85120fbf3a26863003918f4c8" alt="Historical Usage Data" width="2474" height="1294" data-path="images/historical_usage_data.png" />
  </Frame>
</Update>

<Update label="September 26, 2025">
  ## Full Incidents in Tenant Report Appendix

  When a Tenant Report includes an Incident, the complete Incident Report will now be added to the Appendix.

  <Frame caption="Full Incident in Tenant Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/OhK1Ua1Tw1NldKSM/images/full_incidents_in_report.jpg?fit=max&auto=format&n=OhK1Ua1Tw1NldKSM&q=85&s=2b848d41353df466cc4af22c7aa148ee" alt="Full Incident in Tenant Report" width="5130" height="2931" data-path="images/full_incidents_in_report.jpg" />
  </Frame>

  ## Tenant Report Bug Fixes

  Thanks to some helpful feedback from customers, we've fixed a few bugs in the Tenant Report.

  * Improved readability of the Executive Summary page
  * Fixed bug for particularly long usernames in the failed attacks section
</Update>

<Update label="September 19, 2025">
  ## Tenant Report Redesign

  The Tenant Report has been redesigned! Go check out the new [Report Generator](https://app.petrasecurity.com/report-generator).

  <Frame caption="Tenant Report Redesign">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/txTVT1sLIspogrzL/images/report_cover.png?fit=max&auto=format&n=txTVT1sLIspogrzL&q=85&s=3a50bb387e3a3e6cf732d1546bc9d9eb" alt="Tenant Report Redesign" width="3420" height="1954" data-path="images/report_cover.png" />
  </Frame>

  ## Tenant Report Configuration

  <Frame caption="Tenant Report Configuration">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/txTVT1sLIspogrzL/images/report_builder_configuration.png?fit=max&auto=format&n=txTVT1sLIspogrzL&q=85&s=0143d7c0bc946e14d41337f263e9f0ee" alt="Tenant Report Configuration" width="3420" height="1960" data-path="images/report_builder_configuration.png" />
  </Frame>

  * <b>High Value Accounts</b>: tag accounts like CEO, CFO, billing manager to see greater detail on who is targeting them.

  * <b>Hidden Accounts</b>: hide accounts that you want to be excluded from the report, like your own admin account or testing accounts.

  * <b>Hidden Incidents</b>: hide incidents that you want to be excluded from the report, like those that you've already surfaced to the client.

  * <b>Other Options</b>: customize which sections are included in the report.
</Update>

<Update label="September 12, 2025">
  ## Automate Sending Monthly Tenant Reports

  Now you can schedule sending security reports to your tenants and your organization at the end of every month.

  <b>Directly to tenants:</b> Go to a tenant's page, click the gear icon on the top right, and add their emails in the "Tenant-Specific Monthly Reports" section. These emails will receive a tenant-specific security report at the end of every month.

  <Frame caption="Tenant-Specific Automated Security Reports">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/1SxqHPksKyigGMEz/images/tenant-specific-monthly-report.png?fit=max&auto=format&n=1SxqHPksKyigGMEz&q=85&s=8b992fea4293ffc729eccbcfb2d3e2d5" alt="Tenant-Specific Automated Security Reports" width="3010" height="1538" data-path="images/tenant-specific-monthly-report.png" />
  </Frame>

  <b>To your organization:</b> Go to settings and add internal emails in the "Automated Monthly Reports" section. These emails will receive a security report for every tenant at the end of every month.

  *Note: These emails will receive security reports for <u>all of your tenants</u>. We recommend that you only add emails within your organization.*

  <Frame caption="Organization Automated Monthly Reports">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/58gOZcAQNa0TAeaz/images/org-wide-monthly-report.png?fit=max&auto=format&n=58gOZcAQNa0TAeaz&q=85&s=6acca2750e1fbaa2270663d2846f2a98" alt="Automated Monthly Reports" width="3002" height="1486" data-path="images/org-wide-monthly-report.png" />
  </Frame>
</Update>

<Update label="September 5, 2025">
  ## Include User Licenses in Admin Panel and Excel Export

  Now you can see what licenses each user has in the admin panel and when you export user lists to Excel. This is useful for right-sizing spend for your clients.

  <Frame caption="User Licenses">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/xBfWXIB8yeNWf6t7/images/user-licenses.png?fit=max&auto=format&n=xBfWXIB8yeNWf6t7&q=85&s=0f63d56ecd928fd38a22f05b5ec57ba1" alt="User Licenses" width="3388" height="1770" data-path="images/user-licenses.png" />
  </Frame>

  ## Edit Tenant Name

  Now you can edit the name of a tenant.

  <Frame caption="Edit Tenant Name">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/xBfWXIB8yeNWf6t7/images/tenant-name-settings.png?fit=max&auto=format&n=xBfWXIB8yeNWf6t7&q=85&s=40755286bfe4ae50960bf51a92bcd71d" alt="Edit Tenant Name" width="3420" height="1782" data-path="images/tenant-name-settings.png" />
  </Frame>
</Update>

<Update label="August 29, 2025">
  ## Petra Automatically Enables Audit Logs

  Now when you onboard a tenant, Petra automatically enables audit logs if they were not already enabled.

  We all know the pain of trying to enable audit logs in Purview--it lags by hours and often takes several attempts. Now onboarding in Petra is the last step in setting up monitoring.

  Like everything else in Petra, this is available regardless of Microsoft license level.

  ## Improved Threat Remediation Report Timeline

  We updated the summary timeline at the bottom of the Threat Remediation Report to focus on the most important events in the incident--especially how you stopped it.

  <Frame caption="Improved Threat Remediation Report Timeline">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/threat_remediation_report_timeline.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=37c95e704f3c92fef2e8fc0bc69593b4" alt="Improved Threat Remediation Report Timeline" width="3274" height="1914" data-path="images/threat_remediation_report_timeline.png" />
  </Frame>
</Update>

<Update label="August 22, 2025">
  ## SharePoint Malicious File Removal

  Attackers often upload new files to SharePoint to use as a phishing lure.

  Petra commonly uncovers these files in baselining when latent attackers are discovered. Now you can remove them from SharePoint from within Petra without opening Microsoft.

  <Frame caption="SharePoint Malicious File Removal">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/sharepoint-remediation.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=afc0bf5b8d9730337919c08ef8f12e8e" alt="SharePoint Malicious File Removal" width="3224" height="1962" data-path="images/sharepoint-remediation.png" />
  </Frame>
</Update>

<Update label="August 15, 2025">
  ## Tenant Logs Excel Export

  You can now export tenant logs to Excel. The export includes fully enriched metadata for Exchange, including email subjects, sender, recipients, and more.

  The export respects any filters you have applied in the viewer, so you can get, for example:

  * A specific user's activity across logins, Exchange, SharePoint, Teams, etc.
  * All activity across a tenant for a specific time period.
  * All sent emails across a tenant for a specific time period.

  <Frame caption="Export button opens the Excel export dialog">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/tenant-activity-excel-export.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=45c10e55d0ba7338efa504e61558b632" alt="Tenant Logs Excel Export" width="3420" height="1962" data-path="images/tenant-activity-excel-export.png" />
  </Frame>

  <Frame caption="Excel export modal">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/tenant-activity-excel-modal.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=d6a668c7d4fad521cfc305da10e6847d" alt="Tenant Logs Excel Export" width="3420" height="1962" data-path="images/tenant-activity-excel-modal.png" />
  </Frame>
</Update>

<Update label="August 8, 2025">
  ## Halo PSA Integration

  You can now link your Halo PSA account to Petra. Go to [Settings](https://app.petrasecurity.com/settings) to link your Halo PSA account.

  Follow this guide to integrate with Halo PSA: [Halo PSA Integration](/integrations/halo).
</Update>

<Update label="August 1, 2025">
  ## Phish Search & Retraction

  Phish search and retraction now catches replies and forwards. It's surprisingly common for the recipient of a phish to forward it to coworkers. Now Petra finds all of those replies and forwards so we can retract those too.

  <Frame caption="Asha, the initial recipient, forwarded the phish to Holly.">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/phish-similarity-matches-re-and-fwd.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=1b6d7615679836351f1eb433d8c3da22" alt="Phish Search & Retraction" width="3420" height="1816" data-path="images/phish-similarity-matches-re-and-fwd.png" />
  </Frame>

  ## Excel Export for Usage by Tenant

  The usage page in settings now includes an option to export usage data by tenant to Excel.

  <Frame caption="Excel Export for Usage by Tenant">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/export_usage_to_excel.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=5e38224cfdc7aa12d87c13a5045aded1" alt="Excel Export for Usage by Tenant" width="3420" height="1814" data-path="images/export_usage_to_excel.png" />
  </Frame>

  ## Beta of API Endpoint for Tenant Usage

  We launched a beta of an API endpoint for tenant usage. Contact us if you want to try it. Read more about it in the [API documentation](/api-reference/endpoints/get-usage).
</Update>

<Update label="July 25, 2025">
  ## Email Search and Removal

  The admin panel now includes the ability to search for emails by subject, sender, and recipient, as well as the option to remove emails.

  <Frame caption="Find and Remove Emails">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/emails-admin.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=c1517b5081201dcdf6bbe46155f2aa22" alt="Emails Admin" width="3420" height="1918" data-path="images/emails-admin.png" />
  </Frame>

  ## Sensitive Tenants

  Sensitive Tenants are tenants that only admins have access to within Petra. This is useful for safeguarding access to certain tenants, such as the MSP's own tenant.

  <Frame caption="Sensitive Tenants">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/sensitive-tenants.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=dfa7a45a6eeeda9255f88e0876a95eda" alt="Sensitive Tenants" width="3420" height="1900" data-path="images/sensitive-tenants.png" />
  </Frame>
</Update>

<Update label="July 18, 2025">
  ## Better Phish Deletion

  <Frame caption="Phish Deletion">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/delete_phish_dialog.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=921188e6e4c9d5d35555b04539e08982" alt="Phish Deletion Options" width="3420" height="1962" data-path="images/delete_phish_dialog.png" />
  </Frame>

  Phish deletion now includes both <b>soft delete</b> and <b>hard delete</b>.

  * <b>Soft delete</b> moves the email to the recoverable folder within deleted items (which users are much less likely to find than just the deleted folder).

  * <b>Hard delete</b> deletes the email from the mailbox.

  We aim for the remediation actions taken by Petra Response to be 1) effective and 2) reversible, so we will soft delete and leave the hard delete as an option for your analyst when they review the incident. If it turns out we were wrong, your analyst would instead click "Recover" to move the emails back to the inbox.

  ## Delegated Activity in the Activity Viewer

  <Frame caption="Delegated Activity">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/delegated_activity_labels.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=f0d63ce7d6012ee6021634ea24ab5ef4" alt="Delegated Activity" width="3420" height="1922" data-path="images/delegated_activity_labels.png" />
  </Frame>

  Now when one user acts on behalf of another, the activity viewer will display both the actor and the delegated mailbox.

  This is critical for understanding compromises involving delegated mailboxes and administrators who have permission to act on behalf of other users.
</Update>

<Update label="July 11, 2025">
  ## Deep Links & Streamlined Sign In

  * <b>Deep Links</b>: Now if you open a link to a specific page (e.g. an incident link in a ticket), you'll be taken to that same page after you sign in.
  * <b>Streamlined Sign In</b>: We removed the organization selection step during sign in, reducing sign-in flow by 1 click in 99% of cases.

  ## Incident Forensics Countdown

  Microsoft logs are often delayed by a few minutes, which could cause the forensics in the Threat Remediation Report to change in the minutes after the incident.

  You can now see an estimated time for all of the forensics to be published by Microsoft and included in the Threat Remediation Report.

  <Frame caption="Incident Forensics Countdown">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/microsoft-log-delay-timer.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=31f5dcb88b5e5f75d9ea1b6a6e3ed5ee" alt="Incident Forensics Countdown" width="2810" height="1262" data-path="images/microsoft-log-delay-timer.png" />
  </Frame>
</Update>

<Update label="July 4, 2025">
  ## Improvements to Self-serve Tenant Management

  <Frame caption="Self-serve Tenant Management">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/self-serve-tenant-management.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=9489deb717eaeced81952203e8e5d125" alt="Self-serve Tenant Management" width="3420" height="1808" data-path="images/self-serve-tenant-management.png" />
  </Frame>

  You can now remove tenants at any time without talking to anyone.

  Go to [Settings > Usage](https://app.petrasecurity.com/settings/usage) to manage your tenants.
</Update>

<Update label="June 27, 2025">
  ## Similar Phish Retraction

  <Frame caption="Stop others from falling for the same phish">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/similar_phish_retraction.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=ebb7c82433802136c4db5c5c645d8620" alt="Similar Phish Retraction" width="3174" height="1724" data-path="images/similar_phish_retraction.png" />
  </Frame>

  Now you can quickly see who else received a similar phish and remove it from their inbox.

  This stops other employees from falling for the same phish.

  Highlights:

  * The 'Current Folder' column updates in realtime as you or the employee moves the email.
  * The 'Interactions' column opens the Email Interactions Panel which displays all read/moved/deleted/etc. interactions with the email.
</Update>

<Update label="June 20, 2025">
  ## Edit Analyst Note for Reports

  <Frame caption="Edit Analyst Note for Reports">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/editable_external_note.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=5090fae6e31d2550e2a16174a7dac33c" alt="Edit Analyst Note for Reports" width="3170" height="1824" data-path="images/editable_external_note.png" />
  </Frame>

  This week's release gives you the ability to edit the analyst note that appears in the Threat Remediation Report PDF.

  We also added formatting to the notes to accommodate timelines, highlighting critical info, etc.
</Update>

<Update label="June 13, 2025">
  ## Added DKIM & Mailbox Permissions to Remediation Actions Panel

  <Frame caption="DKIM & Mailbox Permissions">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/dkim_and_recipient_permission.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=7ecf47662464687dfeab97d2a17bdabf" alt="Added DKIM & Mailbox Permissions to Remediation Actions Panel" width="1856" height="1064" data-path="images/dkim_and_recipient_permission.png" />
  </Frame>

  The Remediation Actions panel now includes attacker activity in DKIM configuration and mailbox permissions.

  This is important for understanding what the attacker did and how to undo it.
</Update>

<Update label="June 6, 2025">
  ## White-label Portal & PDF Reports

  <Frame caption="White-label Portal & PDF Reports">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/white_label_portal.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=7e31706e15440369289e16c3b5360581" alt="White-label Portal & PDF Reports" width="3420" height="1962" data-path="images/white_label_portal.png" />
  </Frame>

  You now have the ability to use your own branding in the Petra portal and reports.

  Now your logo is used in the nav bar and every report, which gives your external guests a consistent experience with your brand.
</Update>

<Update label="May 30, 2025">
  ## Petra Autopsy: Incident Response for BECs

  <Frame caption="Petra Autopsy analyzes the 6 months prior to onboarding">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/active_vs_autopsy_panel.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=2a7cffd41a1eb5a6e2baeb22ed0de568" alt="Active vs Autopsy panel" width="1976" height="1214" data-path="images/active_vs_autopsy_panel.png" />
  </Frame>

  Introducing <b>Petra Autopsy</b>.

  We now have the capability to do <b>find and compile forensics for compromises up to 6 months before onboarding</b>.

  Now when a prospect or client needs incident response for a BEC, you can offer them a full forensic incident report and Excel export <b>delivered within 24 hours</b>.
</Update>

<Update label="May 23, 2025">
  ## Improved White-label Threat Remediation Report

  <Frame caption="Improved White-label Threat Remediation Report">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/dfir_pdf_export.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=b0b634316f07fb4ee6b0897fcda74e27" alt="Improved White-label Threat Remediation Report" width="3294" height="2062" data-path="images/dfir_pdf_export.png" />
  </Frame>

  We redesigned the PDF export.

  Highlights:

  1. New executive summary for quick read-through.
  2. Attack duration and impact (crowd favorites in the portal) are now in the PDF.
  3. More compact timeline of events table on the second page.
</Update>

<Update label="May 16, 2025">
  ## Tenant-specific Access

  <Frame caption="Tenant-specific access">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/FbukLCiw2zkqhqG8/images/tenant_specific_access_release.png?fit=max&auto=format&n=FbukLCiw2zkqhqG8&q=85&s=7c92aa178a090fa3529e80ee5efbde83" alt="Tenant-specific access" width="3420" height="1962" data-path="images/tenant_specific_access_release.png" />
  </Frame>

  You can now invite members to a subset of your tenants in Petra.

  This is helpful for two use-cases:

  1. Giving access to a client who needs to see the portal themselves.
  2. Least-privilege access to a subset of tenants for an AE or technical team member.
</Update>

<Update label="May 12, 2025">
  ## Revamped Attack Timeline

  <Frame caption="Attack Timeline">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/attack_timeline_5_12_25.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=50e78919ba4e047885a1e84bc64758b2" alt="Revamped Attack Timeline" width="3417" height="1830" data-path="images/attack_timeline_5_12_25.png" />
  </Frame>

  The new attack timeline shows all of the attacker’s activity over the course of an account compromise: from the initial phish -> successful logins -> sharepoint/exchange activity.

  Then, we can see Petra flagging that attacker’s activity, killing current sessions, and locking the account.

  Afterwards, we often see failed logins as the attacker bangs on the door.

  The new attack timeline sits at the bottom of the incident view, just beneath the Attack Impact panel.
</Update>

<Update label="May 9, 2025">
  ## Attack Impact

  <Frame caption="Attack Impact in continuous monitoring">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/attack_impact_continuous_monitoring.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=34565aab34d2c9ce265d0cd6793cd64f" alt="Attack Impact in continuous monitoring" width="3372" height="1344" data-path="images/attack_impact_continuous_monitoring.png" />
  </Frame>

  <Frame caption="Attack Impact in an incident response case">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/attack_impact_incident_response.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=0ec3d4fa4305949499ad7a5abdea207e" alt="Attack Impact in an incident response case." width="3408" height="1829" data-path="images/attack_impact_incident_response.png" />
  </Frame>

  What files/emails did the attacker touch?

  Usually, defenders have to dig through logs and powershell scripts to find the answer.

  Instead, we make it easy to see what an attacker did with *Attack Impact*.

  You can see exactly which emails and files the attacker read, modified, sent, or deleted.

  This is particularly helpful for identifying things like:

  1. What emails did the attacker send? To whom? (Likely to laterally phish).
  2. What files did the attacker modify?
  3. What did the attacker delete?

  Just as importantly, Attack Impact helps you identify what the attacker did NOT read or interact with. For GDPR and HIPAA clients with disclosure requirements, this is a huge time and money saver.
</Update>

<Update label="May 2, 2025">
  ## Tenant-wide Email Subject Search

  <Frame caption="Filter emails by subject">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/email_subject_filtering.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=5f5d6987ae9e12c351ba64573c42d170" alt="Filter emails by subject" width="3418" height="1962" data-path="images/email_subject_filtering.png" />
  </Frame>

  Super fast tenant-wide search.

  This is useful for a variety of forensics tasks, like tracking down an email that a user vaguely remembers or getting to the root of an email thread.

  When you want all of the emails in a thread, use "contains" without case sensitivity to include the "Re:" and "Fwd:" messages. When you want the root, use "equals."
</Update>

<Update label="April 25, 2025">
  ## Phish Similarity Search

  <Frame caption="Two emails are similar to the known phish">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/phish-similarity-2.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=7c40a9a11cb080b4a8bd2b1097b1919a" alt="Petra identifies emails similar to the known phish" width="1850" height="1064" data-path="images/phish-similarity-2.png" />
  </Frame>

  We see this all the time: after a successful phish, sometimes attackers will send similar emails to other users in the organization, hoping to phish them as well. If the first one worked, there's a pretty high chance others will too.

  After a user has been phished, and the phishing email has been identified by Petra, Petra shows you similar emails to the phish email.

  In a future update, you'll be able to one-click remove these emails from mailboxes in your tenant.

  ## Email Interactions Panel

  <Frame caption="Asha received and opened the phish">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/email-sidebar-2.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=e77fb1b2a82f1c6bacc86519151083ba" alt="See who has interacted with an email" width="3024" height="1822" data-path="images/email-sidebar-2.png" />
  </Frame>

  Via the Email Interactions Panel, you can see who has read/forwarded/replied/etc. an email.

  This is helpful after a user has gotten phished to see who all is in the blast radius––i.e. who all has read/clicked/replied to the phish email.

  In a future update, you'll be able to one-click remove all identified similar phishing emails from your environment.

  ### Other updates this week:

  <ul>
    <li><b>Incident logs export:</b> Export all logs from an incident as .xlsx</li>
    <li><b>User list export:</b> Export all users in a tenant as .xlsx</li>
  </ul>
</Update>

<Update label="April 18, 2025">
  ## Company IP Detection

  <Frame caption="104.8.38.161 is the Daly City office VPN">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/company-ip-detection.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=6bd839c622a8f7dee62c4692d126a2cb" alt="Company IP detection showing a shared IP address" width="1583" height="892" data-path="images/company-ip-detection.png" />
  </Frame>

  IP geolocation can be misleading. Just because a user logs in from a New York IP every day doesn't mean they're actually in New York. It could be the company's shared tunnel or office VPN that everyone uses.

  **Petra now tells you when a login is coming from a shared company IP**. Our detection engine already uses this signal to cut down on false impossible travel alerts, and now we're surfacing it in the portal
  so you have that context when investigating.

  ## Logging Received Emails

  'Email Received' events are now processed in addition to the traditional operations logged in the Unified Audit Log. Now, you can see who has received an email before they interact with it at all.
</Update>

<Update label="April 11, 2025">
  ## Disable Inbox Rules & App Registrations

  <Frame caption="Remediate inbox rules and app registrations">
    <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/inbox-rule-and-app-remediation.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=f8c1543103e8df286a4e13b1d40dd3a0" alt="Remediate inbox rules and app registrations" width="2188" height="1214" data-path="images/inbox-rule-and-app-remediation.png" />
  </Frame>

  **You can now 1-click disable inbox rules and app registrations that the attacker added** when they had access. You'll also see audit logs that record when each action was taken, and by whom.

  The portal constantly syncs with the state from Microsoft, so if for some reason something was disabled or deleted directly in Microsoft, that would be reflected here too.
</Update>

<Update label="April 3, 2025">
  ## Filter Auth Methods and Devices by username

  <ul>
    <li>Search and filter authentication methods and devices by specific usernames for targeted investigations.</li>
    <li>Username is auto-populated to the compromised account during an incident.</li>
  </ul>

  ## Export spotlighted investigations as PDF

  <ul>
    <li>Download complete records of spotlight investigations as PDF files for documentation and sharing.</li>
    <li>Reports are company-branded for professional presentation.</li>
  </ul>
</Update>

<Update label="March 27, 2025">
  ## Phish Identification

  <ul>
    <li>Petra identifies the email that is most likely the phish that led to the user's compromise.</li>
    <li>Phish appears in attack timeline with forensic details showing when the user clicked on the phish and if the user deleted it thereafter.</li>
    <li>Identify if the attacker deleted the phish to cover their tracks.</li>
  </ul>

  ## Autotask Integration

  <ul>
    <li>Generate tickets in an Autotask queue when there's an incident.</li>
  </ul>

  ## Redesign tenant report

  <ul>
    <li>White-labeled tenant report includes an executive summary on the first page.</li>
  </ul>

  ## Include inbox rule content in Attack Timeline

  <ul>
    <li>See the contents of the inbox rules including their title, conditions, exceptions, and actions.</li>
  </ul>
</Update>

<Update label="March 20, 2025">
  ## Added Acme Corp demo tenant to the portal

  <ul>
    <li>Demo tenant now available in your portal for product exploration.</li>
    <li>Use this tenant to demonstrate the value of M365 monitoring to prospects.</li>
  </ul>

  ## Data Center tagging in activity viewer

  <ul>
    <li>IP addresses belonging to data centers are tagged in the logs viewer.</li>
    <li>Easily identify traffic originating from cloud providers and hosting services.</li>
  </ul>

  ## Login stats sidebar

  <ul>
    <li>View login frequency across various cities over time.</li>
    <li>Identify unusual login location patterns at a glance.</li>
  </ul>

  ## Multi-select filters on logs

  <ul>
    <li>Add filters that match multiple values (e.g., country not equals US or Canada).</li>
    <li>Create complex queries to narrow down specific activity patterns.</li>
  </ul>

  ## Slack webhook integration

  <ul>
    <li>Send incident notifications to Slack channels through webhooks.</li>
  </ul>

  ## Mail to UPN auto-resolution

  <ul>
    <li>Searching by email address or UPN includes logs for both automatically.</li>
  </ul>
</Update>

<Update label="March 13, 2025">
  ## Make the entire app mobile-friendly

  <ul>
    <li>All Petra interfaces now fully support mobile devices.</li>
    <li>Control Microsoft from anywhere, even when away from your desk.</li>
  </ul>

  ## Add filters to rare activity

  <ul>
    <li>Filter rare activity events by type.</li>
  </ul>

  ## User page

  <ul>
    <li>View user details with complete metadata, authentication methods, and logs.</li>
  </ul>
</Update>

<Update label="March 6, 2025">
  ## P1/P2 risk events

  <ul>
    <li>If your tenant has P1/P2 risk events, you can see them in the portal.</li>
    <li>Investigate the activity in the context of surrounding logs.</li>
  </ul>

  ## Spotlighted investigations

  <ul>
    <li>Review investigations into suspicious but ultimately benign behavior.</li>
    <li>Highlight this investigations to show the value of M365 monitoring.</li>
  </ul>

  ## Report Generator

  <ul>
    <li>Generate comprehensive reports of tenant activity.</li>
  </ul>
</Update>

<Update label="February 27, 2025">
  ## Apply filters to log exports

  <ul>
    <li>Export logs with the same filters applied in the viewer.</li>
  </ul>

  ## Add rare activity to tenant report

  <ul>
    <li>Rare activity events now included in tenant reports.</li>
  </ul>
</Update>

<Update label="February 20, 2025">
  ## New failed attack types: password spray and known malicious IP

  <ul>
    <li>Detection for password spray attacks against your tenant.</li>
    <li>Identification of connection attempts from known malicious IP addresses.</li>
    <li>Better visibility into failed attack attempts targeting your organization.</li>
  </ul>
</Update>

<Update label="February 13, 2025">
  ## Apps, devices, auth methods, directory roles tables

  <ul>
    <li>Track application usage, device access, authentication methods, and role assignments.</li>
    <li>Useful for tracking activity around an attack.</li>
  </ul>
</Update>

<Update label="February 6, 2025">
  ## Filter by not equals

  <ul>
    <li>Create exclusion filters (e.g., country not US, ISP not Comcast).</li>
    <li>Focus on activity from unexpected or non-standard sources.</li>
  </ul>

  ## Autocomplete some filters

  <ul>
    <li>Autocomplete for username, UPN, browser, OS, etc. filters as you type.</li>
    <li>Faster filter creation with suggested values from your tenant data.</li>
  </ul>
</Update>

<Update label="January 30, 2025">
  ## Share filter bar across all log sources

  <ul>
    <li>Filters in activity viewer apply across all tables (logins, Exchange, SharePoint, Teams).</li>
    <li>Maintain consistent filtering criteria when switching between different log types.</li>
  </ul>

  ## Remediation readiness panel

  <ul>
    <li>At-a-glance view of how you'll be notified of incidents.</li>
    <li>Verify your notification channels are correctly configured.</li>
  </ul>

  ## API for SIEM integration

  <ul>
    <li>API for pulling incidents using a cursor, designed for SIEM integration.</li>
    <li>Incorporate Petra incident data into your existing security workflows.</li>
  </ul>
</Update>

<Update label="January 23, 2025">
  ## Users export

  <ul>
    <li>Export all users in a tenant to spreadsheet format.</li>
    <li>Analyze user data outside of the Petra platform.</li>
  </ul>

  ## Failed attacks

  <ul>
    <li>View targeting patterns and attack toolkits used against your organization.</li>
    <li>Identify which users are being targeted, typically executives.</li>
    <li>Use this data as a sales artifact to demonstrate M365 monitoring value.</li>
  </ul>
</Update>

<Update label="January 16, 2025">
  ## Remediation controls

  <ul>
    <li>Lock down compromised accounts with a single click.</li>
    <li>For hybrid tenants, Petra renews the lock repeatedly to prevent on-prem sync from unlocking the account.</li>
  </ul>

  ## Teams integration

  <ul>
    <li>Send incident notifications to Microsoft Teams channels.</li>
    <li>Keep your security team informed through their existing communication platforms.</li>
  </ul>
</Update>

<Update label="January 9, 2025">
  ## Third party app names

  <ul>
    <li>Track third-party apps that users sign into within the activity viewer.</li>
    <li>See friendly application names instead of just application IDs.</li>
  </ul>

  ## ConnectWise integration

  <ul>
    <li>Automatically generate tickets in ConnectWise when incidents occur.</li>
    <li>Streamline incident response through your established ticketing system.</li>
  </ul>
</Update>

<Update label="January 2, 2025">
  ## Latent attacker search

  <ul>
    <li>Scan for attackers already present in the tenant before monitoring began.</li>
    <li>Identify and remediate existing compromises during the onboarding process.</li>
    <li>Get immediate security value from day one of Petra implementation.</li>
  </ul>
</Update>

<Update label="2024 Archive">
  ## An Eventful Year

  <ul>
    <li>Launched initial activity viewer with login logs</li>
    <li>Added Exchange Online activity tracking</li>
    <li>Added SharePoint and OneDrive activity tracking</li>
    <li>Added Teams activity tracking</li>
    <li>Added email notifications for incidents</li>
    <li>Added webhook notifications for incidents</li>
    <li>Built investigation tools to analyze raw logs with very low latency</li>
    <li>Added custom geolocation data enrichment to correct Microsoft's often incorrect IP geolocation</li>
    <li>Added tenant-wide activity search</li>
    <li>Built role-based access control for members in the portal</li>
    <li>Built PDF export reporting capabilities</li>
  </ul>
</Update>
