
Always-On Diagnostics feature for Endpoint DLP

The Always-On Diagnostics feature for Endpoint DLP will keep diagnostic logs for up to 90 days on Windows endpoints. If an Endpoint Data Loss Prevention (DLP) policy fails, you don’t need to ask users to reproduce the issue.
The system automatically logs all relevant trace data locally.
Phase 1 (available now) lets users retrieve logs using the Defender Client Analyzer tool—without needing admin privileges.
Phase 2 (coming September 2025) will let admins pull logs directly via the Purview portal.
This update means support tickets can be resolved up to 60% faster and end users won't be interrupted while diagnostics gather data.
Getting started is easy: enable Always-On Diagnostics in the Purview portal under Endpoint DLP settings, set storage limits (500–1500 MB, up to 90 days), and it works automatically on supported devices.
www.ChironIT.com