![Endpoint Data Loss Prevention: Always-on diagnostics for Windows Endpoints (Phase 2) [MC1181277]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-209728-1024x683.webp "Endpoint Data Loss Prevention: Always-on diagnostics for Windows Endpoints (Phase 2) [MC1181277] 1")
[Introduction]
To support faster, more seamless investigations, Microsoft is introducing Always-on diagnostics for Windows endpoints (Phase 2). This enhancement allows admins to retrieve diagnostic traces directly from Windows devices and selectively upload them to Microsoft via the Purview portal—without disrupting end users. This update is based on customer feedback to reduce friction during support escalations and improve troubleshooting efficiency.This message is associated with Roadmap ID 499431.
[When this will happen:]
Public Preview (Worldwide): Rollout begins in late October 2025 and completes by late October 2025.General Availability (Worldwide): Rollout begins in mid-February 2026 and completes by late February 2026.
[How this affects your organization:
- Who is affected: Admins managing Endpoint Data Loss Prevention (DLP) on Windows endpoints via Microsoft Purview.
- What will happen:
- Admins can retrieve Always-on diagnostic traces from Windows endpoints.
- Traces can be selectively uploaded to Microsoft through the Purview portal during investigations (e.g., support ticket submission).
- No user interaction or disruption is required, and admins can reference the upload request number to Microsoft Support for investigations.
- The feature enhances eDLP troubleshooting capabilities without impacting Information worker productivity.
- This capability is integrated into the existing Endpoint DLP experience.
[What you can do to prepare:]
- No immediate action is required to enable this feature.
- Communicate this capability to your security and helpdesk teams to streamline future investigations.
- Update internal documentation if you maintain support workflows involving Endpoint DLP.
- Learn more: Always-on diagnostics for endpoint DLP | Microsoft Learn
[Compliance considerations:]
| Question | Explanation |
|---|---|
| Does the change store new customer data, if so, where, and is the data cached or permanently stored? | Diagnostic traces will be uploaded to Microsoft during investigations. These are selectively uploaded by admins and stored in Microsoft systems for support purposes. |
| Does the change include an admin control and, can it be controlled through Entra ID group membership? | Yes, there is an admin control. Access is role-based (Global, Compliance, Security Admin) and managed via Entra ID roles |
Source: Microsoft
![Frontier Admin Control User Assignment Changes [MC1181201]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-chetanvlad-2600312-96x96.webp "Frontier Admin Control User Assignment Changes [MC1181201] 6")