In this post, we explore how to enable location services in Windows devices using Intune—a feature that not only enhances our ability to locate devices in real time but also bolsters overall security and compliance.
By enabling these services, we can gain valuable insights into device whereabouts, which can be instrumental during troubleshooting, asset management, and emergency scenarios. We’ll walk through the key configurations, best practices, and common pitfalls encountered during deployment, ensuring that our approach aligns with modern IT management strategies. Join us as we delve into a step-by-step guide to harness the full potential of Intune for location-based device management.
Table of Contents
But why?
Enabling Location Services isn’t just about keeping devices on the map—it’s about empowering us to gain valuable insights that improve security, streamline operations, and support our end users effectively. When we enable location services, we can achieve several critical benefits:
- Enhanced Asset Tracking and Recovery:
By having location services active, we can quickly pinpoint the whereabouts of lost or stolen devices (if and when they are powered on of course). This capability not only accelerates recovery efforts but also acts as a deterrent against unauthorized use. When devices check in regularly, we can build a location history that supports asset management and accountability across the organization. - Improved Security and Compliance:
Location data is an essential component in enforcing security policies. With location services enabled, we can monitor device movements and ensure that only compliant and secure devices access corporate resources. This additional layer of oversight strengthens our overall security posture and helps us meet regulatory and internal compliance requirements. - Streamlined Troubleshooting and Emergency Response:
In scenarios where immediate action is needed—such as responding to security incidents or aiding a user in an emergency—having real-time or near-real-time location data proves invaluable. It enables our support teams to act swiftly, whether that means coordinating a device’s recovery or addressing location-specific configuration issues.
Overall, enabling location services provides us with a powerful tool to manage our mobile ecosystem more effectively, ensuring that we can support our users and protect our corporate assets in today’s fast-paced, hybrid work environment.
How to enable location services?
The steps are pretty straight forward.
- Create a New Configuration Profile:
- Navigate to Devices > Windows > Configuration.
- Click Create > New Policy.
- Select Platform: Windows 10 and later and choose Profile type: Settings catalog.
- Name and Describe Your Profile:
Give the profile a descriptive name (e.g., “Enable Location Services”) and an optional description that explains its purpose. - Configure Location Settings:
- In the Settings picker, search for “Location and Sensors”.
- Locate the setting “Turn Off Location (User)” and set it to Disabled. Check the relevant Microsoft documentation for further details. This ensures that the operating system’s location service remains active and cannot be manually turned off by the end user.
- If you wish to control app-level access separately, search for “Privacy” settings and configure “Let Apps Access Location”. For instance, you might set this to Force Allow for critical apps (or use Force Deny if you want to restrict apps while keeping the system location service active). Check the setting’s details here.
- Review and Assign:
- Review your settings and then assign the profile to your target device groups.
- Click Create to deploy the profile.
After waiting for the required time for the policy to apply to the devices you should be able to see the change reflected to the endpoints.
Real-Life Scenario
Before enabling the setting, I checked the location settings in the device and observed that they were disabled. After the deployment of the profile we can see the below state.
By trying to locate the device through Intune we are able to get an almost accurate location.
References and Documentation
- Policy CSP – ADMX_Sensors
- Policy CSP – ADMX_Sensors – DisableLocation_1
- Policy CSP – Privacy – LetAppsAccessLocation
Other interesting posts
This blog offers a simple guide to enabling location services using Intune, making device management more efficient and secure. A must-read for IT admins looking to streamline location-based policies and compliance!