Unverified devices connecting to Palo Alto Networks cloud services create significant security vulnerabilities. Without strong client-side authentication enforcement, you risk unauthorized access and potential compromise of your cloud instances.

Starting February 11 2026, Palo Alto Networks will begin a strict Device Certificate Enforcement for the following cloud-delivered security services to address this risk:

To avoid immediate service disruption, Palo Alto Networks will provide a 30-day grace to install the device certificate on all impacted and to remediate issues. After the 30-day grace period, any device without a device certificate installed will be unable to connect to any of the cloud-delivered security services listed above. To avoid service disruption, you must ensure that all your devices have a valid device certificate installed before the 30-day grace period ends.