Endpoint users: Perform these steps on individual client workstations
Click Policies, select the desired Built-in policy and then select the policy that you want to modify.
Click Actions → Edit.
Click Settings → Tools → Diagnostics.
Expand the Advanced logging tab. Click the slider bar next to Enable Network protection advanced logging.
Click Assign → Assign.
Select the check boxes next to each computer or group you want this policy assigned to and click OK.