MC1246001 – (Updated) Always-on diagnostics for Endpoint DLP – Turned on by default

check before: 2026-04-30

Product:

Purview, Purview Communication Compliance, Purview Data Loss Prevention, Windows

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Summary:
Starting late April 2026, Always-on diagnostics for Endpoint DLP will be enabled by default on Windows devices in Microsoft Purview, storing diagnostic logs locally for 90 days. Admins can opt out anytime via the Purview portal. This improves troubleshooting and support efficiency but opting out may hinder issue resolution.

Details:
Updated April 14, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
Starting in the last week of April 2026, Always-on diagnostics for Endpoint Data Loss Prevention (DLP) will be turned on by default for onboarded Windows devices in Microsoft Purview. Endpoint DLP diagnostic traces including policy evaluation logs, file classification results, enforcement actions, and error states are stored locally on the device in a secure, compressed proprietary format for up to 90 days. This collection helps eliminate the need to reproduce issues during Microsoft Support investigations. The ability to request that Microsoft collects critical diagnostic data as part of a support case will also be enabled. Endpoint diagnostic logs that you choose can then be securely shared with Microsoft for troubleshooting, reducing investigation effort and accelerating time to resolution for Endpoint DLP issues.
[When this will happen:]
General Availability (Worldwide): This change will go into effect late April 2026 (previously mid-April)


Release Phase:

Created:
2026-03-17

updated:
2026-04-15


Direct effects for Operations**

Increased Troubleshooting Efficiency
With Always-on diagnostics enabled, troubleshooting and support investigations will be more efficient, reducing the time taken to resolve issues.
   - roles: IT Admin, Support Staff
   - references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always%E2%80%91on-diagnostics-for-purview-endpoint-dlp-effortless-zero%E2%80%91friction-troubles/4479008

Prolonged Investigation Times if Opted Out
If admins opt out of the Always-on diagnostics, it may lead to prolonged investigation times and increased difficulty in identifying and resolving Endpoint DLP issues.
   - roles: IT Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always-on-diagnostics-for-endpoint-dlp/4435551

Reduced Visibility into Policy Behavior
Without the diagnostics enabled, organizations may experience reduced visibility into policy behavior, making it harder to monitor compliance and security.
   - roles: IT Admin, Security Analyst
   - references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always-on-diagnostics-for-endpoint-dlp/4435551

Increased User Impact During Issues
Opting out may lead to increased user impact during DLP issues, as admins may need to engage end users more frequently to reproduce issues.
   - roles: Helpdesk Staff, End Users
   - references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always%E2%80%91on-diagnostics-for-purview-endpoint-dlp-effortless-zero%E2%80%91friction-troubles/4479008

Compliance Monitoring Challenges
The lack of diagnostic data may hinder the ability to monitor and report on compliance activities effectively, impacting regulatory adherence.
   - roles: Compliance Officer, IT Admin
   - references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always-on-diagnostics-for-endpoint-dlp/4435551


** AI generated content. This information must be reviewed before use.




change history

Date: 2026-04-15
Property: MC MessageTagNames
old: Feature update, Admin impact
new: Updated message, Feature update, Admin impact

Date: 2026-04-15
Property: MC Summary
old: Starting mid-April 2026, Always-on diagnostics for Endpoint DLP will be enabled by default on Windows devices, storing diagnostic logs locally for 90 days to aid troubleshooting. Admins can opt out anytime via Microsoft Purview. This improves issue resolution but may affect investigation efficiency if disabled.
new: Starting late April 2026, Always-on diagnostics for Endpoint DLP will be enabled by default on Windows devices in Microsoft Purview, storing diagnostic logs locally for 90 days. Admins can opt out anytime via the Purview portal. This improves troubleshooting and support efficiency but opting out may hinder issue resolution.

Date: 2026-04-15
Property: MC Last Updated
old: 03/06/2026 22:22:19
new: 2026-04-14T18:45:01Z

Date: 2026-04-15
Property: MC Messages
old:
[Introduction]
Starting in the second week of April 2026, Always-on diagnostics for Endpoint Data Loss Prevention (DLP) will be turned on by default for onboarded Windows devices in Microsoft Purview. Endpoint DLP diagnostic traces including policy evaluation logs, file classification results, enforcement actions, and error states are stored locally on the device in a secure, compressed proprietary format for up to 90 days. This collection helps eliminate the need to reproduce issues during Microsoft Support investigations. The ability to request that Microsoft collects critical diagnostic data as part of a support case will also be enabled. Endpoint diagnostic logs that you choose can then be securely shared with Microsoft for troubleshooting, reducing investigation effort and accelerating time to resolution for Endpoint DLP issues.
[When this will happen:]
General Availability (Worldwide): This change will go into effect mid-April 2026
new:
Updated April 14, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
Starting in the last week of April 2026, Always-on diagnostics for Endpoint Data Loss Prevention (DLP) will be turned on by default for onboarded Windows devices in Microsoft Purview. Endpoint DLP diagnostic traces including policy evaluation logs, file classification results, enforcement actions, and error states are stored locally on the device in a secure, compressed proprietary format for up to 90 days. This collection helps eliminate the need to reproduce issues during Microsoft Support investigations. The ability to request that Microsoft collects critical diagnostic data as part of a support case will also be enabled. Endpoint diagnostic logs that you choose can then be securely shared with Microsoft for troubleshooting, reducing investigation effort and accelerating time to resolution for Endpoint DLP issues.
[When this will happen:]
General Availability (Worldwide): This change will go into effect late April 2026 (previously mid-April)

Date: 2026-04-15
Property: MC How Affect
old:
Who is affected:
Organizations using Endpoint Data Loss Prevention (DLP) on Windows devices
Admins managing Endpoint DLP settings in Microsoft Purview
What will happen:
From the date of this Message Center post through the second week of April 2026, admins may choose to opt out of this setting in the Microsoft Purview portal. If an admin opts out during this period, their selection will be respected, and the setting will remain unchanged.
If no action is taken, diagnostics will be automatically enabled in the second week of April 2026, after which admins can opt out at any time via the existing settings.
Note: Opting out of Always-on diagnostics may hinder your ability to effectively troubleshoot issues that arise in Endpoint Data Loss Prevention scenarios. Without this feature, organizations may experience prolonged investigation times, reduced visibility into policy behavior, and increased difficulty identifying and resolving Endpoint DLP issues. Keeping Always-on diagnostics enabled helps support the security, reliability, and operational stability of your environment.
new:
Who is affected:
Organizations using Endpoint Data Loss Prevention (DLP) on Windows devices
Admins managing Endpoint DLP settings in Microsoft Purview
What will happen:
From the date of this Message Center post through the last week of April 2026, admins may choose to opt out of this setting in the Microsoft Purview portal. If an admin opts out during this period, their selection will be respected, and the setting will remain unchanged.
If no action is taken, diagnostics will be automatically enabled in the last week of April 2026, after which admins can opt out at any time via the existing settings.
Note: Opting out of Always-on diagnostics may hinder your ability to effectively troubleshoot issues that arise in Endpoint Data Loss Prevention scenarios. Without this feature, organizations may experience prolonged investigation times, reduced visibility into policy behavior, and increased difficulty identifying and resolving Endpoint DLP issues. Keeping Always-on diagnostics enabled helps support the security, reliability, and operational stability of your environment.

Date: 2026-04-15
Property: MC Title
old: Always-on diagnostics for Endpoint DLP – Turned on by default
new: (Updated) Always-on diagnostics for Endpoint DLP – Turned on by default

Date: 2026-04-15
Property: MC End Time
old: 05/18/2026 09:00:00
new: 2026-06-01T09:00:00Z
