New Windows devices usually come out of the box with the time zone configured to Pacific Time. Great for people who live in that time zone, but I assume most of the people live in another time zone, like me and all the users of my employer. Thus, when we started our investigation into moving our Windows device management to Microsoft Intune, we also investigated how to automatically configure the time zone on our newly enrolled Windows devices.
As written in a very old blog post, we can configure the time zone with an Intune configuration profile. But a downside of this is that if the user changes the time zone the time zone will be converted back because of the policy re-applying. So, this might be an option when managing a shared desktop, or kiosk device, but not for laptops like we use a lot.
In the past, I found a solution in a community blog post, that did the trick by calling Bing Maps. I shared the solution of Koen van den Broeck in the past which used Bing Maps to retrieve all time zones. In the meantime, Bing Maps for Enterprise is deprecated.
Luckily we work in a great community, and Johannes Muller changed the PowerShell script to use an Azure Maps account. After a few additional changes from my side, it is ready for usage again during our Autopilot enrollments!
The solution in short
The solution is a PowerShell script that (in our case) is wrapped as WIN32 app, that runs during Autopilot enrollment.
The first part of the script where the magic happens first queries the https://ipinfo.io/ service for the IP address data of the device’s internet connection, to retrieve the corresponding country code.
With the retrieved country code, the script checks at another service, Azure Maps, for the matching time zone.
When the time zone is retrieved, it configures the time zone on the Windows device.
The script can be found on GitHub.
Requirements
As described the script calls two online services.
IPinfo.io can be used without a license, but please check the website for the current API Access limitations.
Note; if the device is connected to a network from which traffic is routed via a proxy, for example, this might show another location as the actual location of the device.
To retrieve all time zones, we make use of an Azure Maps account, a service that can be created in the Azure portal. As it is an Azure service, it consumes Azure credits, but this seems not much.
Create the Azure Maps Account
Creating an Azure Maps account is straightforward, but let’s have a look at those steps.
Sign in to the Azure portal and search for the service Azure Maps.
Under Azure Maps Accounts, click Create.
Select a Subscription, Resource group, region, and pricing tier. Enter the name of the account.
Set a checkmark to agree with the license and Privacy Statement and click Review + Create.
Open the Azure Maps Account and browse to Authentication under Settings.
Here we find the Shared Key Authentication. We need one of these keys for authentication in our script.
The script in more details
It’s not a very long script, but let’s divide it into a few parts and look at what it does for us.
In the functions region, we define a CleanUpAndExit function, which is also used for Intune detection when wrapped as a win32 package.
In the variables section, of course, the variables are set, from which you most likely want to change the company name. And you should add the shared key of the Azure Maps Account, otherwise, the script won’t do its job.
Next, we start the transcript, which writes some logging to the IntuneManagementExtension\Logs folder. By writing the logs to that folder, it is available when collecting Device diagnostics with Intune.
The last part is where the magic happens.
It performs an Invoke-RestMethod call to http://ipinfo.io/json to retrieve the location of the device.
This location information contains the country code which is then used to convert the country code to a time zone using the Azure Maps account.
It first retrieves all available time zones via the Invoke-RestMethod call which includes the shared key:
Invoke-RestMethod -Uri $AzureMapsURL -Method Get
We search for the matching time zone information using the country code found via ipinfo.io and at last the time zone is set by the script.
And that’s all for this automatic time zone configuration solution.
The time zone is configured before the user is first signed in when the script is deployed during Autopilot enrollment. the user can still change it when traveling around the world.
As written, we can deploy the script wrapped as WIN32 app with Intune, during the Windows Autopilot enrollment. But you can also just deploy it as script using Intune or change it to your needs and use it as a Remediation in Intune. Although I can imagine that the script then runs so often that the free versions of the used services are not sufficient.
In case you’re deploying the script as WIN32 app, this is how the detection rule looks like.
HKEY_LOCAL_MACHINE\SOFTWARE\COMPANY\TimeZone\v2.1
Happy testing!
9 Comments
This is great, where ware you using for detection logic if you wrap it in Win32? I’m struggling with that part.
I added some info on that to the blog post. Is it clear for you with this information?
Hi,
I get this error related with TLS … I’ve tried to enforce it with no success. Do you know how to fix it ?
Invoke-WebRequest – The underlying connection was closed: An unexpected error occurred on a send.
Thank you
Sorry I was trying to say that I’ve tried to enforce TLS … this way
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
But no success
Thanks in advance
Bing Maps unfortunately has no future, right after we implemented it:
• Customers using Bing Maps for Enterprise Basic or Free license will no longer be able to use Bing Maps for Enterprise services beyond June 30, 2025.
(a) Basic / Free Licenses customers who would like to continue using enterprise maps from Microsoft are encouraged to move to Azure Maps before June 30, 2025.
(b) Existing Basic / Free Licenses customers who would like to continue using Bing Maps for Enterprise until the service end date of June 30, 2028, can upgrade to a paid Enterprise License by contacting maplicq@microsoft.com before June 30, 2025.
Thanks. the experience iswhen i ran this during autopilot is that it will change to the correct timezone . however after autopilot and user logins in , it is back to pacific time. are you getting the same behavior?
Hi Peter, were you able to review my comment?
This works in part, where the country code is detected as US – we get multiple timezones being offered and therefore cannot be set. is there a way to fix this?
I have a similar question to above, when the CountryCode has more than one timezone assigned, how are you able to distinguish which one to use? Can we use region?