Automatically configure the time zone (during Autopilot enrollment)

February 1, 2024 Peter Klapwijk Intune, Microsoft Endpoint Manager, Modern Workplace, Windows 4

New Windows devices usually come out of the box with the time zone configured to Pacific Time. Great for people who live in that time zone, but I assume most of the people live in another time zone, like me and all the users of my employer. Thus, when we started our investigation into moving our Windows device management to Microsoft Intune, we also investigated how to automatically configure the time zone on our newly enrolled Windows devices.

As written in a very old blog post, we can configure the time zone with an Intune configuration profile. But a downside of this is that if the user changes the time zone the time zone will be converted back because of the policy re-applying. So, this might be an option when managing a shared desktop, or kiosk device, but not for laptops like we use a lot.

We wanted to have a solution that we could deploy during Autopilot enrollment so that the time zone is configured before the user is signed in. If possible, we wanted to set the time zone to the time zone where the user is when the enrollment is performed. We didn’t want to set a time zone based on which country owns the device, because of people who can be traveling all around the world.

After searching the web, I found a great solution mentioned in the comments of a community blog. It described a script that checks the location of the device and matches the location with a list of time zones found via an online service of Bing. We have been using this solution for quite some time for our cloud-managed devices.
Recently I wanted to share it with somebody else, but I couldn’t find it anymore! After further searching, I found the original comment from Koen van den Broeck.

But I think it deserves more visibility because, in my opinion, it’s a good solution. Therefore, I’m sharing it (with his permission) here in a blog post. But again, all credits are to Koen for his solution!

The solution in short

The solution is a PowerShell script that is (in our case) wrapped as WIN32 app, that runs during Autopilot enrollment.

The first part of the script where the magic happens first queries the https://ipinfo.io/ service for the IP address data of the device’s internet connection.
With the retrieved location, the script checks at another service, Bing Maps, for the matching time zone.

When the time zone is retrieved, it configures the time zone on the Windows device.

The script can be found on GitHub.

Requirements

As described the script calls two online services.

IPinfo.io can be used without a license, but please check the website for the current API Access limitations.
Note; if the device is connected to a network from which traffic is routed via a proxy, for example, this might show another location as the actual location of the device.

Using the API of the Bing Maps service requires us to create a Bing API key, thus requiring an account on the platform. Depending on the usage of the key, you should be fine with a Basic (Dev/ test) key that is free of usage, or you need to purchase a license. Also, check this yourself on https://www.bingmapsportal.com/

The script in more details

It’s not a very long script, but let’s divide it into a few parts and look at what it does for us.
In the functions region, we define a CleanUpAndExit function, which is also used for Intune detection when wrapped as a win32 package.

In the variables section, of course, the variables are set, from which you most likely want to change the company name. And you should add the Bing API key, otherwise, the script won’t do its job.


Next, we start the transcript, which writes some logging to the IntuneManagementExtension\Logs folder. By writing the logs to that folder, it is available when collecting Device diagnostics with Intune.

The last part is where Koen his magic happens.
It performs an Invoke-RestMethod call to http://ipinfo.io/json to retrieve the location of the device.
This location is then used to convert the location to a time zone using the Bing service.
Once we have retrieved the time zone, it is set in the last part of the script.

And that’s all for this automatic time zone configuration solution.
The time zone is configured before the user is first signed in when the script is deployed during Autopilot enrollment. the user can still change it when traveling around the world.

As written, we can deploy the script wrapped as WIN32 app with Intune, during the Windows Autopilot enrollment. But you can also just deploy it as script using Intune or change it to your needs and use it as a Remediation in Intune. Although I can imagine that the script then runs so often that the free versions of the used services are not sufficient.

In case you’re deploying the script as WIN32 app, this is how the detection rule looks like.
HKEY_LOCAL_MACHINE\SOFTWARE\COMPANY\TimeZone\v1.0

Happy testing!

Related posts:

  1. Install an additional language pack on Windows 11 during Autopilot enrollment
  2. Authenticate with a FIDO2 security key for Windows Autopilot enrollment
  3. Automatically configure Outlook contact sync to the native contacts app with Microsoft Intune
  4. Intune – Enrollment Status Page

4 Comments

  1. This is great, where ware you using for detection logic if you wrap it in Win32? I’m struggling with that part.

    Reply

  2. Hi,

    I get this error related with TLS … I’ve tried to enforce it with no success. Do you know how to fix it ?

    Invoke-WebRequest – The underlying connection was closed: An unexpected error occurred on a send.

    Thank you

    Reply

    • Sorry I was trying to say that I’ve tried to enforce TLS … this way

      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

      But no success

      Thanks in advance

      Reply

Leave a Reply

Your email address will not be published.


*