Azure Virtual Desktop – Enable location Services redirection

Enabling location services for users on Azure Virtual Desktop (AVD) can significantly enhance the user experience and improve the functionality of certain applications. Here’s a detailed description of how and why you should enable these services:

Note: Google Search and other web pages that rely only on the source IP address will not change location and will NOT use the client's local location.

Why Enable Location Services on Azure Virtual Desktop

  1. Enhanced User Experience:
    • Enabling location services allows applications that rely on location data, such as mapping and regional services, to function correctly. This ensures that users have access to accurate location-based information and services.
  2. Improved Application Functionality:
    • Some applications require precise location data to provide optimal functionality. By enabling location services, you ensure that these applications can access the necessary location information, enhancing their performance and usability.
  3. Accurate Location Data:
    • Without location redirection, the location of a remote session is near the datacenter the user connects to. Enabling location services ensures that the redirected longitude and latitude information is accurate to 1 meter, providing precise location data for applications.
  4. Compliance and Security:
    • Enabling location services can help meet compliance requirements for applications that need to track user locations. It also enhances security by providing accurate location data, which can be crucial for certain security protocols.

By following these steps and understanding the benefits, you can effectively enable location services on Azure Virtual Desktop, ensuring a better user experience and improved application functionality.

How to Enable Location Services on Azure Virtual Desktop

AVD Host Pool Configuration:
The Azure Virtual Desktop host pool setting Location service redirection controls whether to redirect location information from the local device to the remote session.

To configure location redirection using host pool RDP properties:

  1. Sign in to the Azure portal.
  2. In the search bar, type Azure Virtual Desktop and select the matching service entry.
  3. Select Host pools, then select the host pool you want to configure.
  4. Select RDP Properties, then select Device redirection.

Session Host Configuration:
If you use hybrid-joined session hosts and want to use Group Policy, create a policy (or add to an existing “AVD – Redirection” GPO). This policy should be linked to the OU where the session hosts reside.

The GPO must have the following registry entries for Computer Configuration:
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location
Type: REG_SZ
Name: value
Data: allow

And the following for User Configuration (remember to make sure another GPO has Loopback processing enabled):
ENTRY1:
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting
Type: REG_DWORD
Name: value
Data: 1

ENTRY2:
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location
Type: REG_SZ
Name: Value
Data: allow

ENTRY3:
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged
Type: REG_SZ
Name: Value
Data: allow
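
To confirm that the GPO actually landed, the four entries above can be checked from inside a user session on a session host. The following PowerShell is an added example, not part of the original post; the function name `Test-LocationRedirectionRegistry` is hypothetical, and the expected paths, types and data are taken from the entries listed above.

```powershell
# Added example: verify the location registry entries listed in this article.
# Run as the signed-in user on the session host so HKCU resolves to that user's hive.
function Test-LocationRedirectionRegistry {
    $cam = 'Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location'
    $expected = @(
        @{ Path = "HKLM:\SOFTWARE\$cam";             Name = 'value'; Kind = 'String'; Data = 'allow' }
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting'
           Name = 'value'; Kind = 'DWord'; Data = 1 }
        @{ Path = "HKCU:\Software\$cam";             Name = 'Value'; Kind = 'String'; Data = 'allow' }
        @{ Path = "HKCU:\Software\$cam\NonPackaged"; Name = 'Value'; Kind = 'String'; Data = 'allow' }
    )

    foreach ($e in $expected) {
        $actual = $null
        $kind   = $null
        # A missing key or value is reported as non-compliant instead of raising an error.
        $key = Get-Item -LiteralPath $e.Path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $e.Name)) {
            $actual = $key.GetValue($e.Name)
            $kind   = $key.GetValueKind($e.Name)   # RegistryValueKind: String, DWord, ...
        }
        # -eq and -contains are case-insensitive here, so 'Allow' matches 'allow'
        # and 'value' matches 'Value'.
        [pscustomobject]@{
            Hive         = $e.Path.Substring(0, 4)
            Name         = $e.Name
            ExpectedType = $e.Kind
            ActualType   = $kind
            ExpectedData = $e.Data
            ActualData   = $actual
            Compliant    = ($null -ne $actual) -and ("$kind" -eq $e.Kind) -and ($actual -eq $e.Data)
            Path         = $e.Path
        }
    }
}

$results = Test-LocationRedirectionRegistry
$results | Format-Table Hive, Name, ExpectedType, ActualType, ExpectedData, ActualData, Compliant -AutoSize

# List the paths that still need attention, if any.
$results | Where-Object { -not $_.Compliant } | ForEach-Object { "Not compliant: $($_.Path)" }
```

If the HKLM entry is compliant but the three HKCU entries are not, the user-configuration part of the GPO is not being applied to the session, which is what happens when Loopback processing is missing.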

Local Device Configuration:
* Users need to connect to a remote session from a supported app and platform, for example Windows 11 and the Windows App. A complete list of supported platforms can be found here: Compare Windows App features across platforms and devices – Windows App | Microsoft Learn

To enable location services using Microsoft Intune:

  1. Sign in to the Microsoft Intune admin center.
  2. Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.
  3. In the settings picker, select System. Check the box for Allow Location, then close the settings picker.
  4. Expand the System category, then from the drop-down menu select Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
  5. Select Next.
  6. On the Assignments tab, select the group containing the client computers for users using Azure Virtual Desktop, then select Next.
  7. On the Review + create tab, review the settings, then select Create.
  8. Once the policy applies to the computers, restart them for the settings to take effect.

Testing Location Redirection:
Test the location redirection to ensure that the location information is accurately redirected from the local device to the remote session.
To validate the local device, go to Settings > Security and Anonymity, and then Location. Make sure Location services are enabled for Windows App (this should be set by the policy we created in Intune in the earlier steps).
