Set Time Zone Automatically during Autopilot

Every Windows device starts out with the time zone set to Pacific Time (UTC-08:00). Although not an official reason, it’s easy to assume that’s because Microsoft is based out of Redmond WA, which uses Pacific Time. And while the time itself updates automatically (meaning, Windows checks Microsoft’s time server to verify the hour/minute/seconds are correct), automatic time zone is set to Off by default:

This can be a bit annoying for Autopilot deployments because after users set up their devices, there’s a good chance the time zone is incorrect. Then they manually need to update the time with admin rights!

What are our options?

Configure manual time zone

There is a setting in MEM we can use to manually set a time zone. In Microsoft Endpoint Manager, go to Devices > Configuration profiles > +Create Profile > Settings catalog (or edit one you have existing). Search for Time Zone in the settings picker, and select Configure Time Zone:

Then in the setting itself, enter the StandardName for the Time Zone you want to use:

Hint – you can get these from PowerShell by running the get-timezone or get-timezone -listavailable commands:

There’s a number of ways we could deploy that too. If all your users are in the same region, then no problem, set that time zone for everyone. You could also deploy to various groups based on their location (if you have a Chicago group for example), or combine Filters and Device Categories to target the devices.

But the obvious problem with this solution is that it doesn’t set the time zone automatically. If your users travel at all, then this can be a bit of a nonstarter.

Deploy a PowerShell script to enable Automatic Time Zone

There’s no native MEM functionality to set automatic time zone. If I had to guess, it’s because it requires us to force enable Location Services (how else would we know what time zone the device is in?). So be sure to consider the privacy implications!

First, we need to deploy an MDM setting to allow apps to use Location services. We can configure this via Devices > Configuration Profiles and creating or editing a Settings Catalog (preview) profile:

I already have a Settings Catalog profile, so I’ll edit it and add the Let Apps Access Location setting from the Privacy category:

With the setting added, we’ll configure it to Force Allow:

Make sure you assign this policy to a device group. Because we need this setting to apply before the user profile is created (during the Device portion of the Enrollment Status Page), we need to target devices. This could be all devices, your Autopilot devices group, or any device group that fits your scenario:

With that assigned and deployed, now we need to set additional location services and automatic time zone settings. Unfortunately those require a registry change, but we can configure that via a simple PowerShell script:

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location -Name Value -Value "Allow"
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate -Name start -Value "3"

We’ll save those those PowerShell commands as a script:

And then in Microsoft Endpoint Manager admin center > Devices > Script, select +Add to upload the PowerShell script:

After providing a name, upload the saved .ps1 script and select Run script in 64 bit PowerShell Host:

Deploy that to your Autopilot group (in this case I’m using All devices, make sure you use a device group!):

And that’s it! During Autopilot with Enrollment Status Page enabled, the setting for App Location and the script setting the Time Zone Automatic settings will apply:

(I just noticed that my desktop background also applied in the blurred background during this ESP, which is very nice looking)

And once the account setup is a completed, the user will see the correct time on the desktop:

As an aside – if you deployed the PowerShell script & configuration setting to existing users (or to a User group instead of device group), the user would need to reboot and then approve the automatic Time Zone change:

Deploy a PowerShell script & Don’t Hide Privacy Settings in Autopilot

One final alternative is not hiding the privacy settings of the Autopilot profile. This requires users to manually approve the setting that allows location services, which conveniently happens during the Device portion of ESP. This would then locate the device and update the time zone prior to the user profile being created (provided you are still deploying a PowerShell script to set automatic time zone).

To do that, we would edit our Autopilot settings to Show the Privacy settings (Devices > Windows > Windows Enrollment > Deployment Profiles > edit your Autopilot profile) :

Then, during Autopilot, we’ll see the following experience. After being prompted to sign into the tenant, we’ll see ESP:

After the Device setup completes, we’ll see the Privacy settings (including Location):

After accepting the privacy settings, there’s a Preparing Windows screen:

Which turns into the Account setup ESP:

And then we’re at the desktop! With the correct time for our timezone, which we can verify in the Settings app:

Final Thoughts

Originally, this blog post explained that if we didn’t want to prompt our users or require a reboot, we would need to allow those Autopilot privacy settings to be approved manually. But after some testing a few months later, I found out that the real trick was targeting the changes to a device group, so that it would apply earlier in the process. Until there is a feature built into MEM – the best option that still gives you the cleanest Autopilot experience is to use a device group for the PowerShell and location settings!

Now it’s time to go set your zones!⏲️