diff --git a/src/content/docs/cloudflare-one/account-limits.mdx b/src/content/docs/cloudflare-one/account-limits.mdx
index 27267e589ad0dc..20698147c6814f 100644
--- a/src/content/docs/cloudflare-one/account-limits.mdx
+++ b/src/content/docs/cloudflare-one/account-limits.mdx
@@ -66,6 +66,10 @@ This page lists the default account limits for rules, applications, fields, and
| Feature | Limit |
| ----------------- | ----- |
| Tests per account | 10 |
+| Remote captures per day (Free users) | 100 |
+| Remote captures per day (Pay-as-you-go users) | 200 |
+| Remote captures per day (Enterprise users) | 800 |
+
## Maximum number of characters
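Review bot: The three added "Remote captures per day" rows do not say what the quota is counted against, while the row directly above them is scoped explicitly ("Tests per account"). State the scope in the feature name, for example "Remote captures per account per day". Also say whether one capture request that targets several devices counts once or once per device, since remote-captures.mdx in this same change allows selecting up to 10 devices per capture.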
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
index 6cd748402eedbe..999793deb35154 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
@@ -1,6 +1,6 @@
---
pcx_content_type: reference
-title: Debug logs
+title: Diagnostic logs
sidebar:
order: 7
---
@@ -13,7 +13,7 @@ The WARP client provides diagnostic logs that you can use to troubleshoot connec
### Retrieve logs
-To view debug logs on desktop devices:
+To view WARP logs on desktop devices:
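Review bot: "To view WARP logs" introduces a third name for the same artifact. The new page title is "Diagnostic logs", the section context in the hunk header says the client "provides diagnostic logs", and the `daemon.log` row later in this file still calls it the "most useful debug log". Pick one term, preferably "diagnostic logs" to match the title and the "WARP Diagnostics Logs" capture type, and use it here and in the matching sentence for mobile devices.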
@@ -47,50 +47,85 @@ This will place a `warp-debugging-info--.zip` in the same folder you
+:::note
+You can also use Digital Experience Monitoring to run `warp-diag` commands on remote devices. For more information, refer to [Remote captures](/cloudflare-one/insights/dex/remote-captures/).
+:::
+
### `warp-diag` logs
The `warp-debugging-info--.zip` archive contains the following files:
-| File name | Description |
-| --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `boringtun.log` | Log for the WARP tunnel that serves traffic from the device to Cloudflare's global network. |
-| `connectivity.txt` | DNS resolution and HTTP trace requests to [validate a successful connection](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-check). |
-| `daemon.log` | Detailed log of all actions performed by the WARP client, including all communication between the device and Cloudflare's global network. **Note:** This is the most useful debug log. |
-| `daemon_dns.log` | Contains detailed DNS logs if **Log DNS queries** was enabled on WARP. |
-| `date.txt` | Date and time (UTC) when you ran the `warp-diag` command. |
-| `dns-check.txt` | Verifies that the WARP DNS servers are set as system default. For [operating modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) where DNS filtering is enabled, this file contains the IPs of the local WARP DNS proxy (`127.0.2.2:0`, `127.0.2.3:0`, `[fd01:db8:1111::2]:0`, and `[fd01:db8:1111::3]:0`). |
-| `dns_stats.log` | Statistics on the DNS queries received and resolved by WARP, generated every two minutes. |
-| `etc-hosts.txt` | Static DNS config of device. |
-| `gui-launcher.log` | macOS console log showing application launch |
-| `gui-log.log` | Log file for the GUI app that users interact with. |
-| `hostname.txt` | Name of the device. |
-| `ifconfig.txt` `ipconfig.txt` | IP configuration of each network interface. |
-| `installer.log` | MSI or PKG installation log |
-| `local_policy_redacted.txt` | [Managed deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) on the device. |
-| `netstat.txt` `routetable.txt` | Routing table used by the device. |
-| `netstat-v6.txt` | IPv6 routing table (Linux only). |
-| `platform.txt` | Operating system of the device. |
-| `ps.txt` `processes.txt` | List of all active processes on the device when `warp-diag` was run. |
-| `resolv.conf` | The contents of the `/etc/resolv.conf` file on Mac/Linux, where system DNS servers are configured. |
-| `route.txt` | Output from the `route get` command used to verify that network traffic is going over the correct interface. |
-| `scutil-dns.txt` | DNS configuration on Mac/Linux (available in `ipconfig.txt` on Windows). |
-| `scutil-proxy.txt` | Proxy configuration on Mac/Linux (available in `ipconfig.txt` on Windows). |
-| `stats.log` | Uptime and throughput stats for the WARP tunnel, generated every two minutes. |
-| `sw-vers.txt` | Operating system of the device. |
-| `sysinfo.json` | CPU and memory usage when `warp-diag` was run. This information is useful for determining whether slow speeds are due to heavy system load. |
-| `systeminfo.txt` `system-profile.txt` | System software overview. |
-| `timezone.txt` | Local timezone of the device specified as a UTC offset. |
-| `traceroute.txt` | Traceroute to the [WARP ingress IPs](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#warp-ingress-ip) showing the path from the device to Cloudflare's global network. |
-| `uname.txt` | Linux-only system information including kernel version. |
-| `v4interfaces.txt` `v4subinterfaces.txt` `v6interfaces.txt` `v6subinterfaces.txt` | IPv4 and IPv6 network configuration on Windows. |
-| `version.txt` | [WARP client version](/cloudflare-one/connections/connect-devices/warp/download-warp/) installed on the device. |
-| `warp-account.txt` | WARP client device enrollment information. |
-| `warp-device-posture.txt` | [Device posture data](/cloudflare-one/identity/devices/warp-client-checks/) obtained by the WARP client. |
-| `warp-dns-stats.txt` | Summary of recent DNS queries on the device since `dns-stats.log` was generated. |
-| `warp-network.txt` | Network settings on the device detected by WARP. |
-| `warp-settings.txt` | [WARP client settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) applied to the device. |
-| `warp-stats.txt` | Uptime and throughput of the WARP tunnel since `stats.log` was generated. |
-| `warp-status.txt` | Status of WARP switch (`Connected` or `Disconnected`). |
+| File name | Description |
+| --- | --- |
+| `.qlog`| QLog files used to debug MASQUE connection issues.|
+| `.pcap` | Packet capture (PCAP) files that were manually generated using `warp-cli debug pcap` commands. |
+| `alternate-networks-check.txt` | Connectivity status for each [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/). |
+| `boringtun.log` | Log for the WARP tunnel that serves traffic from the device to Cloudflare's global network. |
+| `bound-dns-ports.txt` | Active processes on port `53`. |
+| `captive-portal-hotspot-detect.txt` | HTTP response of `captive.apple.com`|
+| `connectivity.txt` | DNS resolution and HTTP trace requests to [validate a successful connection](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-check). Can be used to determine whether traffic is routing through the WARP tunnel. |
+| `daemon_dns.log` | Contains detailed DNS logs if **Log DNS queries** is enabled in the WARP client. |
+| `daemon.log` | Detailed log of all actions performed by the WARP client, including all communication between the device and Cloudflare's global network. **Note:** This is the most useful debug log. |
+| `date.txt` | Date and time (UTC) when you ran the `warp-diag` command. |
+| `dex.log` | Logs related to [DEX test](/cloudflare-one/insights/dex/tests/) execution. |
+| `dhcp-lease-plists.txt` | DHCP lease information from `/var/db/dhcpclient/leases/` for each interface that has a DHCP lease. |
+| `dhcp-lease.txt` | DHCP lease information from `ipconfig` (macOS) or `nmcli` (Linux). |
+| `dig.txt` | DNS lookup query output for `cloudflare.com` and `apple.com`. |
+| `dns_stats.log` | Statistics on the DNS queries received and resolved by WARP, generated every two minutes. |
+| `dns-check.txt` | Verifies that the WARP DNS servers are set as system default. For [operating modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) where DNS filtering is enabled, this file contains the IPs of the local WARP DNS proxy (`127.0.2.2:0`, `127.0.2.3:0`, `[fd01:db8:1111::2]:0`, and `[fd01:db8:1111::3]:0`). |
+| `dynamic.log` | Reserved for use by Cloudflare Support. |
+| `etc-hosts.txt` | Static DNS config of device. |
+| `firewall-pfctl-all.txt` | Packet filter (pf) firewall configuration (macOS only). |
+| `firewall-rules.txt` | The [system firewall rules](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#system-firewall) configured by WARP. |
+| `gui-launcher.log` | macOS console log showing application launch. |
+| `gui-log.log` | Log file for the GUI app that users interact with. |
+| `hostname.txt` | Name of the device. |
+| `ifconfig.txt` `ipconfig.txt` | IP configuration of each network interface. |
+| `installed_applications.txt` | List of installed applications. |
+| `installed_cert.pem` | [Root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) installed on the system. |
+| `installer.log` `msi-installer.log` | MSI or PKG installation log.|
+| `InstallHistory.plist` `macos_installer.log` | macOS software installation logs. |
+| `ipc.log` | Logs IPC communication between the GUI and daemon. Useful for situations where the GUI crashes or is unable to communicate with the daemon. |
+| `kernel-modules.txt` | List of loaded kernel modules (macOS and Linux) or drivers (Windows).|
+| `launchd-dumpstate.txt` | Current state of the macOS `launchd system` including the loaded jobs, their status, and dependencies. |
+| `local_policy.redacted.txt` `mdm.plist` `mdm.xml`| [Managed deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) on the device. |
+| `lsb-release.txt` | Output from the `lsb_release` command (Linux only). |
+| `netstat.txt` `routetable.txt` | Routing table used by the device. |
+| `netstat-v6.txt` | IPv6 routing table (Linux only). |
+| `platform.txt` | Operating system of the device. |
+| `ps.txt` `processes.txt` | List of all active processes on the device when `warp-diag` was run. |
+| `resolv.conf` | The contents of the `/etc/resolv.conf` file on Mac/Linux, where system DNS servers are configured. |
+| `route.txt` | Output from the `ip route get` command, used to verify that network traffic is going over the correct interface. You can optionally use the `warp-diag --enable-all-routes` flag to include tests for all IPs and domains in your Split Tunnel configuration. |
+| `scutil-dns.txt` | DNS configuration on macOS/Linux (available in `ipconfig.txt` on Windows). |
+| `scutil-networkinfo.txt` | IPv4 and IPv6 network interface configuration on macOS (available in `interfaces-config.txt` on Windows). |
+| `scutil-proxy.txt` | Proxy configuration on macOS/Linux (available in `ipconfig.txt` on Windows). |
+| `snapshots-collection.log` | Logs generated when collecting `snapshots/*.log`. Used to debug why WARP failed to collect a snapshot. |
+| `snapshots/*.log` | Diagnostics generated when an error occurs. |
+| `stats.log` | Uptime and throughput stats for the WARP tunnel, generated every two minutes. |
+| `sw-vers.txt` | Operating system of the device. |
+| `sysinfo.json` | CPU and memory usage when `warp-diag` was run. This information is useful for determining whether slow speeds are due to heavy system load. |
+| `system-extension-diagnostics.txt` | Status and health of loaded system extensions (macOS only). |
+| `systeminfo.txt` `system-profile.txt` | System software overview. |
+| `System.evtx` | Windows system event log. |
+| `taskdump.log` | If the daemon hangs, this file will contain a dump of the currently running processes. This is helpful in debugging hangs, deadlocks, and tasks. |
+| `timezone.txt` | Local timezone of the device specified as a UTC offset. |
+| `traceroute.txt` | Traceroute to the [WARP ingress IPs](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#warp-ingress-ip) showing the path from the device to Cloudflare's global network. |
+| `uname.txt` | Linux-only system information including kernel version. |
+| `v4interfaces.txt` `v4subinterfaces.txt` `v6interfaces.txt` `v6subinterfaces.txt` | IPv4 and IPv6 network configuration on Windows. |
+| `version.txt` | [WARP client version](/cloudflare-one/connections/connect-devices/warp/download-warp/) installed on the device. |
+| `warp-account.txt` | WARP client device enrollment information. |
+| `warp-bus-metrics.txt` | Metrics for the internal message bus framework used by the WARP client. |
+| `warp-device-posture.txt` | Current [device posture](/cloudflare-one/identity/devices/warp-client-checks/) status. |
+| `warp-dex-data.txt` | Currently configured [DEX tests](/cloudflare-one/insights/dex/tests/) and their most recent statuses. |
+| `warp-dns-fallbacks.txt` | List of default DNS fallbacks used by the WARP DNS proxy. |
+| `warp-dns-lock.json` | Default DNS providers and network interface information. |
+| `warp-dns-stats.txt` | Summary of recent DNS queries on the device since `dns-stats.log` was generated. |
+| `warp-network.txt` | Network settings on the device detected by WARP. |
+| `warp-settings.txt` | [WARP client settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) applied to the device. |
+| `warp-stats.txt` | Uptime and throughput of the WARP tunnel since `stats.log` was generated. |
+| `warp-status.txt` | Status of WARP switch (`Connected` or `Disconnected`). |
+| `wdutil-info.txt` | Wi-Fi diagnostics (macOS only). |
+| `xpc-launchd.log` | Most recent log file for the `launchd` process on macOS. |
#### Multiple versions of the same log
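Review bot: In the `route.txt` row the command changes from `route get` to `ip route get`, which is the Linux iproute2 form, while the removed `route get` is the macOS/BSD form. Confirm which command each platform runs and name them per platform instead of replacing one with the other. The managed-parameters row also changes `local_policy_redacted.txt` to `local_policy.redacted.txt`. If that is a real file rename, say which client versions produce which name. Otherwise it reads as a typo. Smaller points: `launchd system` has "system" inside the code span, the `warp-dns-stats.txt` row refers to `dns-stats.log` while the file is listed as `dns_stats.log`, and the `captive-portal-hotspot-detect.txt` description lacks the trailing period the other rows have. The table now documents packet captures, an installed-applications list, process lists and the Windows system event log, and the added note says the archive can be collected remotely. A sentence telling readers to treat the ZIP as sensitive when sharing it would therefore be worth adding.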
@@ -109,7 +144,7 @@ In timestamped logs such as `daemon.log`, the most recent events will appear at
### Retrieve logs
-To view debug logs on mobile devices:
+To view WARP logs on mobile devices:
1. Open the 1.1.1.1 app.
2. Go to **Settings** > **Advanced** > **Diagnostics**.
diff --git a/src/content/docs/cloudflare-one/insights/dex/notifications.mdx b/src/content/docs/cloudflare-one/insights/dex/notifications.mdx
index e118d6ab36b44a..c784810126e13a 100644
--- a/src/content/docs/cloudflare-one/insights/dex/notifications.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/notifications.mdx
@@ -2,7 +2,7 @@
pcx_content_type: reference
title: Notifications
sidebar:
- order: 3
+ order: 5
head:
- tag: title
content: DEX notifications
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
new file mode 100644
index 00000000000000..a1e66e2d128a54
--- /dev/null
+++ b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -0,0 +1,67 @@
+---
+pcx_content_type: reference
+title: Remote captures
+sidebar:
+ order: 4
+
+---
+
+:::note
+DEX remote captures are available for beta testing on [Windows](https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows/distribution_groups/beta) and [macOS](https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-macos/distribution_groups/beta). Linux builds are available upon request by contacting your account team.
+:::
+
+Remote captures allow administrators to collect packet captures (PCAPs) and WARP diagnostic logs directly from end user devices. This data can be used to troubleshoot network problems, investigate security incidents, and identify performance bottlenecks.
+
+## Start a remote capture
+
+To capture data from a remote device:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
+3. Configure the types of captures to run.
+ - **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
+ - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
+ :::note
+ **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
+ :::
+4. Select **Start a capture**.
+
+DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
+
+## Check remote capture status
+
+To view a list of captures, go to **DEX** > **Remote captures**. The **Status** column displays one of the following options:
+ - **Success**: The capture is complete and ready for download. Any partially successful captures will still upload to Cloudflare. For example, there could be a scenario where the PCAP succeeds on the primary network interface but fails on the WARP tunnel interface. You can [review PCAP results](/cloudflare-one/insights/dex/remote-captures/#download-remote-captures) to determine which PCAPs succeeded or failed.
+ - **Running**: The capture is in progress on the device.
+ - **Pending Upload**: The capture is complete but not yet ready for download.
+ - **Failed**: The capture has either timed out or encountered an error. To retry the capture, check the WARP client version and [connectivity status](/cloudflare-one/insights/dex/fleet-status/), then start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
+
+## Download remote captures
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Find a successful capture.
+3. Select the three-dot menu and select **Download**.
+
+This will download a ZIP file to your local machine called `.zip`. DEX will store capture data according to our [log retention policy](/cloudflare-one/insights/logs/#log-retention).
+
+### Device PCAP contents
+
+The downloaded PCAP folder contains three files:
+- `capture-default.pcap`: Packet captures for the primary network interface.
+- `capture-tunnel.pcap`: Packet captures for traffic inside of the WARP tunnel.
+- `results.json`: Reports successful and failed packet captures.
+
+You can analyze `.pcap` files using Wireshark or another third-party packet capture tool.
+
+### WARP Diag contents
+
+Refer to [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) for a description of each file.
+
+## Limitations
+
+- Packet captures are subject to the following limits:
+ - **Maximum time limit**: 600 seconds
+ - **Maximum file size**: 50 MB
+ - **Maximum packet size**: 1500 bytes
+- WARP diagnostic logs have no file size limit, but files larger than 100 MB cannot be uploaded to Cloudflare and must be shared directly with the admin.
+- Windows devices do not support concurrent remote captures. If you start a remote capture while another is in progress, the second capture will fail immediately.
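Review bot: The page never says who may start or download a capture. The intro and "Start a remote capture" describe administrators pulling PCAPs and diagnostic logs from end user devices, but no required role or permission is named and nothing says whether the device user is notified. Add a prerequisites section that lists the role needed and the minimum WARP client version, since the "Failed" status tells readers to "check the WARP client version" without giving one. In "Check remote capture status", the "review PCAP results" link targets `#download-remote-captures`, but `results.json` is described under "Device PCAP contents", so link there. In "Limitations", say whether "Maximum packet size: 1500 bytes" means larger packets are truncated or dropped, and mention or link the per-day capture limits this change adds to account-limits.mdx. The frontmatter also has a stray blank line between `order: 4` and the closing `---`.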