Sunday, 2 May 2021

Locating a Windows 10 device with Microsoft Endpoint Manager

This is my favourite new feature in the 2104 service release of Microsoft Endpoint Manager (formerly Microsoft Intune). We have been able to do this with iOS devices for quite some time. I remember Peter Daalmans and I demonstrating the feature at MMS in 2019. Now we can locate Windows 10 devices in the console.

There are two prerequisites before you can use this feature with Windows 10 devices.

Location Services

First you must turn on Location Services on your devices.

You can create a custom configuration policy to do this using the following OMA-URI 

./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessLocation


Configure an integer with value of 1 to forcibly turn on location services.


You could also create a configuration profile using the Settings catalog. In the Privacy category, choose Let Apps Access Location.


Location services are turned on. This is what it looks like on a test client.

Minimum operating system version.

This feature is only supported on the following Windows 10 versions:
  • Windows 10 version 20H2 (10.0.19042.789) or later
  • Windows 10 version 2004 (10.0.19041.789) or later
  • Windows 10 version 1909 (10.0.18363.1350) or later
  • Windows 10 version 1809 (10.0.17763.1728) or later
How to locate a Windows 10 device

In the MEM console, select Devices > Windows devices. Click on the device you want to locate. Click on the three dots on the Overview page.


This is my test client. Locate device seems to be greyed out. What could be wrong?


Ah, I see why. It's an unsupported Windows 10 version. This device is 10.0.18363.418 but must be a minimum of 10.0.18363.1350.


I updated the device.


Now the Locate device feature is available. Click Locate device.


You are presented with a warning about local laws and regulations around location data. Essentially there are privacy concerns. You're told that Intune will only retain the location data for 24 hours. 


A Bing map opens with the status
Locate device pending.


Within a minute my test device was located and it's location was displayed. This is the Road view.


Click on the drop down arrow in the top right corner to choose the Aerial view. There is also a Bird's eye view but that wasn't available to me.


You can use the + and - buttons to zoom in and out.


This is a great view of the device location. I can see that the street names appear in the Irish language as well as English. I'm not sure where that setting comes from. Also, the location of the device is in the right area but it isn't 100% accurate. You can read more about location services here


Back in the console you will see the status change to Locate device: Completed.

On the device the user is notified that the location of the device has been accessed by the organization. That is crucial for transparency.

I hope this blog post has been useful. Until next time.......




3 comments:

  1. This is really great information. I have visited so many blogs however, I found the most relevant info here.

    ReplyDelete
  2. I believe that the setting "Let Apps Access Location" is to much to open up. In that way any application can use the location. Not needed for the functionality IMHO. I don't know another option yet though :(

    ReplyDelete
  3. Another option to leverage Windows Location service is Akna https://akna.io/product The application provides you a map where you can see your devices using a live service.

    ReplyDelete