This is my favourite new feature in the 2104 service release of Microsoft Endpoint Manager (formerly Microsoft Intune). We have been able to do this with iOS devices for quite some time. I remember Peter Daalmans and I demonstrating the feature at MMS in 2019. Now we can locate Windows 10 devices in the console.
There are two prerequisites before you can use this feature with Windows 10 devices.
Location Services
First you must turn on Location Services on your devices.
You can create a custom configuration policy to do this using the following OMA-URI
./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessLocation
- Windows 10 version 20H2 (10.0.19042.789) or later
- Windows 10 version 2004 (10.0.19041.789) or later
- Windows 10 version 1909 (10.0.18363.1350) or later
- Windows 10 version 1809 (10.0.17763.1728) or later
Click on the drop down arrow in the top right corner to choose the Aerial view. There is also a Bird's eye view but that wasn't available to me.
This is a great view of the device location. I can see that the street names appear in the Irish language as well as English. I'm not sure where that setting comes from. Also, the location of the device is in the right area but it isn't 100% accurate. You can read more about location services here
Back in the console you will see the status change to Locate device: Completed.
On the device the user is notified that the location of the device has been accessed by the organization. That is crucial for transparency.
I hope this blog post has been useful. Until next time.......
This is really great information. I have visited so many blogs however, I found the most relevant info here.
ReplyDeleteI believe that the setting "Let Apps Access Location" is to much to open up. In that way any application can use the location. Not needed for the functionality IMHO. I don't know another option yet though :(
ReplyDeleteAnother option to leverage Windows Location service is Akna https://akna.io/product The application provides you a map where you can see your devices using a live service.
ReplyDelete