New reports On-Demand BPA


L2 Linker

Hello team:
I have a question: Do you know what the new process will be for generating on-demand BPA reports via the Posture API in Strata Cloud Manager? Given the following message:
“The On-Demand BPA dashboard will be deprecated on April 30, 2026. Please transition to the new Posture API to upload your configurations for an "on-demand" best practice report. The new Posture API documentation can be found at”
Best regards.

2 REPLIES

L0 Member

Need to figure this out as well, this has been a standard process for assessing and streamlining our customers for years.

L0 Member

I reached out to my local channel SE in PAN and this was the response. 

 

Strata Cloud Manager (SCM) BPA Transition Summary

Overview of Changes

As of April 30, 2026, the legacy manual On-Demand BPA upload feature within the Strata Cloud Manager (SCM) and AIOps for NGFW user interface has been deprecated. This change is part of Palo Alto Networks' transition toward real-time, telemetry-driven security posture management.

Recommended Alternative: Zero Trust Posture Center (ZTPC)

The primary replacement for the traditional BPA is the Zero Trust Posture Center. This dashboard provides continuous assessment and real-time best practice verdicts based on active telemetry.

Benefits of ZTPC

  • Continuous Monitoring: Eliminates the need for manual TSF uploads; security posture is updated automatically as configurations change.

  • Unified Visibility: View health, compliance, and best practice metrics in a single interface.

  • Essentials Inclusion: ZTPC is available for both SCM Essentials (free) and SCM Pro license tiers.

How to Enable

To use ZTPC, firewalls must be onboarded to SCM and have Device Telemetry enabled.

  1. Navigate to Device > Setup > Telemetry in the PAN-OS WebUI.

  2. Check Enable Telemetry.

  3. Select the appropriate Region and commit the changes.


Alternative for Air-Gapped Systems: Config Upload API

For environments where telemetry cannot be enabled (e.g., air-gapped or restricted sectors), the manual assessment capability has moved to the BPA Config Upload API.

Key API Details

  • Endpoint: POST /posture/checks/v1/reports/config-file-upload

  • Output Format: Reports are returned in JSON format. (The legacy HTML/PDF report format is no longer generated via this method.)

  • Authentication: Requires a Service Account (Client ID and Secret) generated in SCM under System Settings > Identity & Access Management.

  • Documentation: Full technical specifications are available at pan.dev.

Transition Timeline

  • July 17, 2023: Standalone BPA tool retired from the Customer Support Portal (CSP).

  • April 30, 2026: On-Demand BPA UI feature removed from SCM/AIOps.

  • Present: All best practice assessments should be performed via ZTPC (Telemetry) or the Posture API (Config Upload).

I hope that helps. 
