Petra Security: The ML-Powered Identity Sentinel You Wish Microsoft Built
- Jul 14
Updated: Jul 15

------------------------------------------------------------------------------------------------------------
A few days ago, I left my job. Yup — packed up my virtual desk, dropped a goodbye emoji in Slack, and thought, “I’m finally free! I’ll take a break, maybe two or three weeks off. No writing, no tech, just peace.”
Fast forward to today — and what the hell am I doing?
Writing. Again. Like some kind of caffeine-powered content gremlin who just can’t stay away from tech blogs.
------------------------------------------------------------------------------------------------------------
Before we dive in...
Huge shoutout to J — you know who you are! I know everyone’s dying to know his full name, but let me check with the man himself before I start blowing up his phone with fame.
Just know this: without J, this article wouldn’t exist, and I'd probably still be staring at a blank page. Thanks, legend.
-----------------------------------------------------------------------------------------------------------
When I first came across Petra, I honestly wasn’t expecting to be this impressed.
Petra is an OAuth-based security app for Microsoft 365 that does one thing — and does it incredibly well: identity threat detection. Think of it as what Microsoft’s Entra P1/P2 should’ve been — except smarter, more accurate, and way less expensive.
------------------------------------------------------------------------------------------------------------
🔍 What is Petra?
Petra works by ingesting Microsoft Entra ID (formerly Azure AD) audit logs in real time. It doesn't need an agent, and it doesn't demand heavy configuration. All you do is send your client an authorization link, and once the Microsoft 365 admin approves the Petra app (with read access to audit data), Petra starts pulling the logs.
That’s it. You’re up and running.
No endpoint integration, no Defender licensing nightmares, no P2 tax. Just raw, real-time analysis of identity logs.
And here’s the best part — it works even with the most basic Microsoft 365 license, unlike Microsoft’s native "risky users/logins" features that require a full P2 license per user.
-------------------------------------------------------------------------------------------------------------
🤯 How It Works (and Why It’s So Accurate)
Petra is built by a team of mathematicians — and honestly, it shows.
Instead of relying on basic rule matching or threshold-based alerts, Petra runs ML models that evaluate 20–30 behavioral signals per user.
This includes:
- Login geography and frequency
- Time-of-day access patterns
- Operating system and browser fingerprinting
- ISP profiling
- Travel history and anomalies
- And more…
Whenever a new audit event is pulled, it’s passed through Petra’s behavioral models. These models are constantly learning and evolving, tailored to each environment, and shockingly precise.
I’ve been in cybersecurity for years — and I don't say this lightly — Petra’s accuracy has completely changed the game for me when it comes to identity monitoring. (From - @J)
Now, my own take:
I got a chance to speak with someone, and their philosophy is clear: "Every identity has a fingerprint. You just need to look in the right places."
That’s exactly what Petra does.
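A simplified illustration of per-user baselining over the signals listed above. This is an added example, not Petra's code or model (which the post describes as ML-based); the record fields, the sample sign-ins and the 900 km/h travel threshold are all assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in records for one user; field names are assumptions, not Entra's schema.
def signin(ts, country, lat, lon, os_name, browser, isp):
    return {"ts": datetime.fromisoformat(ts), "country": country, "lat": lat,
            "lon": lon, "client": (os_name, browser), "isp": isp}

HISTORY = [
    signin("2024-07-08T08:55:00", "US", 40.71, -74.01, "Windows", "Edge", "ExampleNet"),
    signin("2024-07-09T09:10:00", "US", 40.71, -74.01, "Windows", "Edge", "ExampleNet"),
    signin("2024-07-10T17:40:00", "US", 40.71, -74.01, "Windows", "Edge", "ExampleNet"),
]
SUSPECT = signin("2024-07-10T19:30:00", "RO", 44.43, 26.10, "Linux", "Firefox", "OtherNet")

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres between two sign-ins."""
    la1, lo1, la2, lo2 = map(math.radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def build_baseline(history):
    """Collect the values this user has been seen with before."""
    return {"countries": {e["country"] for e in history},
            "isps": {e["isp"] for e in history},
            "clients": {e["client"] for e in history},
            "hours": {e["ts"].hour for e in history},
            "last": max(history, key=lambda e: e["ts"])}

def deviations(baseline, event, max_kmh=900):
    """Name each signal on which this sign-in departs from the user's baseline."""
    hits = []
    if event["country"] not in baseline["countries"]:
        hits.append("new_country")
    if event["isp"] not in baseline["isps"]:
        hits.append("new_isp")
    if event["client"] not in baseline["clients"]:
        hits.append("new_client")
    # Hour is unusual if it is more than 1h (wrapping at midnight) from every seen hour.
    hour = event["ts"].hour
    if all(min(abs(hour - h), 24 - abs(hour - h)) > 1 for h in baseline["hours"]):
        hits.append("unusual_hour")
    # Impossible travel: implied speed since the previous sign-in exceeds max_kmh.
    elapsed_h = (event["ts"] - baseline["last"]["ts"]).total_seconds() / 3600
    if elapsed_h > 0 and km_between(baseline["last"], event) / elapsed_h > max_kmh:
        hits.append("impossible_travel")
    return hits
```

Calling `deviations(build_baseline(HISTORY), SUSPECT)` flags all five signals, while a next-morning sign-in from the usual location and client returns an empty list.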
-------------------------------------------------------------------------------------------------------------
🔐 What About Write Access?
By default, Petra is read-only. But there’s an optional write access feature (which I’ve personally enabled) that allows Petra to:
- Lock user accounts
- Kill active sessions
- Cut off live threats in real-time
This turns Petra from just a passive observer into a proactive response engine. And again, it's all scoped and approved via OAuth — so no messy script permissions or service accounts floating around.
-------------------------------------------------------------------------------------------------------------
🧠 Petra vs. Entra P2
Let’s be honest: Microsoft’s "Risky Users" and "Risky Logins" often feel like they were built a decade ago. Detection is slow, imprecise, and gated behind expensive licenses. Petra steps in as a modern, ML-powered alternative that:
- Doesn’t require P2 licensing (if you have it, that's awesome)
- Is far more accurate
- Offers real-time detection and optional automated remediation
- Works out of the box without complex integrations
-------------------------------------------------------------------------------------------------------------
🚫 Why It’s M365 Only (For Now)
I asked whether Petra might expand to other ecosystems like Google Workspace, but realistically, it’s unlikely. The Entra audit logs are rich, detailed, and consistent, making them ideal for behavioral modeling. In contrast, Google’s logs lack the depth and granularity Petra depends on. (From - @J)
So for now, Petra is focused on Microsoft 365 — and honestly, that’s more than enough. Because identity remains the most exploited attack surface in enterprise environments.
-------------------------------------------------------------------------------------------------------------
💬 @J's Thoughts
No tool in recent memory has immediately reduced my workload and boosted my confidence like Petra has. It’s the kind of solution I wish I had years ago.
Identity-based breaches are notoriously hard to detect. But with Petra, I can honestly say: If something weird happens in your tenant — you’ll know about it. Fast.
I’d love to see Petra in 100 client environments today. That’s how confident I am.
Tool: https://www.petrasecurity.com/
-------------------------------------------------------------------------------------------------------------
✍️ Coming Up Next
Article Name: (Petra Security: The UI, the Logs, and Why I Genuinely Prefer It Over Microsoft Sentinel)
If you’re running a Microsoft 365 environment and identity is your top concern — you owe it to yourself.
Stay tuned. 🔐

