check before: 2026-04-15
Product:
Purview, Purview Communication Compliance, Purview Data Loss Prevention, Windows
Platform:
Online, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
Starting mid-April 2026, Always-on diagnostics for Endpoint DLP will be enabled by default on Windows devices, storing diagnostic logs locally for 90 days to aid troubleshooting. Admins can opt out anytime via Microsoft Purview. This improves issue resolution but may affect investigation efficiency if disabled.
Details:
[Introduction]
Starting in the second week of April 2026, Always-on diagnostics for Endpoint Data Loss Prevention (DLP) will be turned on by default for onboarded Windows devices in Microsoft Purview. Endpoint DLP diagnostic traces including policy evaluation logs, file classification results, enforcement actions, and error states are stored locally on the device in a secure, compressed proprietary format for up to 90 days. This collection helps eliminate the need to reproduce issues during Microsoft Support investigations. The ability to request that Microsoft collects critical diagnostic data as part of a support case will also be enabled. Endpoint diagnostic logs that you choose can then be securely shared with Microsoft for troubleshooting, reducing investigation effort and accelerating time to resolution for Endpoint DLP issues.
[When this will happen:]
General Availability (Worldwide): This change will go into effect mid-April 2026
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-03-17
updated:
2026-03-17
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Prolonged Investigation Times
Opting out of Always-on diagnostics may lead to longer investigation times for Endpoint DLP issues due to lack of diagnostic data.
- roles: Admins, Security Teams
- references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always%E2%80%91on-diagnostics-for-purview-endpoint-dlp-effortless-zero%E2%80%91friction-troubles/4479008
Reduced Visibility into Policy Behavior
Without Always-on diagnostics, organizations may have reduced visibility into how DLP policies are functioning, complicating compliance and security efforts.
- roles: Admins, Compliance Teams
- references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always-on-diagnostics-for-endpoint-dlp/4435551
Increased Difficulty in Issue Resolution
Disabling Always-on diagnostics can make it harder to identify and resolve Endpoint DLP issues, potentially leading to security vulnerabilities.
- roles: Admins, Helpdesk Teams
- references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always%E2%80%91on-diagnostics-for-purview-endpoint-dlp-effortless-zero%E2%80%91friction-troubles/4479008
Impact on User Experience
Users may experience delays in issue resolution if admins opt out of Always-on diagnostics, leading to frustration and decreased productivity.
- roles: End Users, Helpdesk Teams
- references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always-on-diagnostics-for-endpoint-dlp/4435551
Compliance Monitoring Challenges
The absence of Always-on diagnostics may hinder the ability to monitor and report on compliance activities effectively, risking non-compliance.
- roles: Compliance Teams, Admins
- references: https://learn.microsoft.com/purview/dlp-always-on-diagnostics, https://techcommunity.microsoft.com/blog/microsoft-security-blog/always%E2%80%91on-diagnostics-for-purview-endpoint-dlp-effortless-zero%E2%80%91friction-troubles/4479008
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
