# Best Practice Analyser {% hint style="warning" %} BPA is currently on a deprecation path. While there is no current date for deprecation, the functionality will not be expanded. The testing engine in [CIPP Dashboard](/user-documentation/dashboard.md) v2 will replace the BPA. {% endhint %} The **Best Practice Analyzer (BPA)** is a tool within CIPP designed to help audit and improve Microsoft 365 environments. It provides a detailed framework for ensuring your setup is secure and compliant with industry and organizational standards. *** ## **What is the BPA?** At its core, the BPA is built to: * **Assess Tenants Against Best Practices:** Perform comprehensive audits to uncover misconfigurations or compliance risks. * **Run on a Scheduled Basis:** By default, it refreshes data once daily for accurate reporting. * **Leverage CIPP Framework Standards:** Use predefined, community-driven standards tailored to MSPs and IT professionals. * **Provide Insight-Only Reports:** BPA reports findings but leaves decision-making and changes to the administrator. *** ## **Viewing Your BPA Reports** * **Navigate to:** `Tenant Administration > Standards > Best Practice Analyzer`. * **Run Initial Data Refresh:** Select **“Force Refresh All Data”** if this is your first time displaying it. {% hint style="info" %} To replicate the functionality of the "Force Refresh All Data" button, you can use the `/api/ExecBPA`API endpoint. {% endhint %} {% hint style="warning" %} **Note:** Larger environments (e.g., 100+ tenants) may take \~15 minutes per run. {% endhint %} ### **Report Types** 1. **Pre-Built Reports** * Use templates like **CIPP Best Practices Table View** for baseline compliance checks. 2. **Custom Reports (Advanced)** * Define custom reports to specify data sources, fields, and display formats. * For further details, check out the community guidance added to the [Custom Reports](/user-documentation/tenant/standards/bpa-report/builder.md) page ### **Interpreting BPA Results** The BPA uses a traffic-light system for quick, visual feedback: * **🟥 Red:** Critical issues demanding immediate attention (e.g., unprotected global admin accounts). * **🟧 Orange:** Warnings or recommendations—optional but strongly advised (e.g., enabling MFA for non-admin users). * **🟩 Green:** All good! Configuration aligns with best practices. *** ## **Common Snags and Fixes** 1. **Partial Data?** * Likely an issue with your **Refresh Token**. * Run the **Access Check** via: `CIPP Settings > Configuration Settings > Tenant Access Check`. 2. **Slow Refresh Times?** * Make sure permissions are correct. Navigate to:\ `CIPP Settings > Configuration Settings > Run Permission Check`. 3. **API Compatibility (Self-Hosted Only):** * Ensure both **CIPP-API** and **CIPP platform** are up to date. The system logs (via the CIPP-API Function App) are your best friend for debugging. *** {% hint style="warning" %} ### **Key Considerations for Efficient BPA Usage** **Understand Execution Times:** Forcing a refresh runs across your entire environment and may take some time. Use sparingly. Reports are refreshed nightly by default. **Permissions:** Validate required permissions with `Run Permission Check` and troubleshoot invalid refresh tokens with `Tenant Access Check`. {% endhint %} *** ## Feature Requests / Ideas We value your feedback and ideas. Please raise any [feature requests](https://github.com/KelvinTegelaar/CIPP/issues/new?template=feature.yml) on GitHub. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cipp.app/user-documentation/tenant/standards/bpa-report.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.