Is your feature request related to a problem? Please describe.
Yes.
After Windows Autopilot provisioning, when the OOBE privacy page is skipped, Location Services can remain disabled and grayed out for standard users.
We experienced the same behaviour as described here:
https://msendpointmgr.com/2026/02/10/location-services-is-grayed-out/
This also impacts the following OIB policy:
Win - OIB - SC - Device Security - D - Location and Privacy - v3.2
In our case, the policy was not fully effective because the global Location Services setting was disabled. As a result, Outlook and windows.immersivecontrolpanel were not able to request or use location access, even though the policy allowed / enforced it.
Describe the solution you’d like
I would like to suggest an optional OIB script that enables the global Windows Location Services setting after Autopilot provisioning.
The script should run in SYSTEM context and enable Location Services by using:
C:\Windows\System32\SystemSettingsAdminFlows.exe SetCamSystemGlobal location 1
This would allow the existing OIB Location and Privacy policy to apply as intended and allow approved apps such as Outlook and windows.immersivecontrolpanel to request or use location access.
Describe alternatives you’ve considered
I initially solved this by using an Intune remediation script with detection and remediation logic.
However, for OIB, this might make more sense as a standalone optional script instead of a full detection/remediation package, since the main goal is to enable the global Location Services setting once after provisioning.
Another alternative would be to not skip the OOBE privacy page, but this is often not preferred in standardized Autopilot deployments.
Additional context
This is not necessarily a bug in OIB, but a proposed optional improvement to better support the existing Location and Privacy policy after Autopilot provisioning.
Observed impact:
- Location Services are disabled globally
- Standard users cannot enable Location Services themselves
- The OIB policy Win - OIB - SC - Device Security - D - Location and Privacy - v3.2 is not fully effective
- Outlook cannot request or use location access
- windows.immersivecontrolpanel cannot request or use location access
- Location-dependent functionality, such as automatic time zone configuration, may not work as expected
I already have a working Intune remediation script and would be happy to provide it or create a pull request if this fits the direction of OIB.
Is your feature request related to a problem? Please describe.
Yes.
After Windows Autopilot provisioning, when the OOBE privacy page is skipped, Location Services can remain disabled and grayed out for standard users.
We experienced the same behaviour as described here:
https://msendpointmgr.com/2026/02/10/location-services-is-grayed-out/
This also impacts the following OIB policy:
Win - OIB - SC - Device Security - D - Location and Privacy - v3.2
In our case, the policy was not fully effective because the global Location Services setting was disabled. As a result, Outlook and windows.immersivecontrolpanel were not able to request or use location access, even though the policy allowed / enforced it.
Describe the solution you’d like
I would like to suggest an optional OIB script that enables the global Windows Location Services setting after Autopilot provisioning.
The script should run in SYSTEM context and enable Location Services by using:
C:\Windows\System32\SystemSettingsAdminFlows.exe SetCamSystemGlobal location 1
This would allow the existing OIB Location and Privacy policy to apply as intended and allow approved apps such as Outlook and windows.immersivecontrolpanel to request or use location access.
Describe alternatives you’ve considered
I initially solved this by using an Intune remediation script with detection and remediation logic.
However, for OIB, this might make more sense as a standalone optional script instead of a full detection/remediation package, since the main goal is to enable the global Location Services setting once after provisioning.
Another alternative would be to not skip the OOBE privacy page, but this is often not preferred in standardized Autopilot deployments.
Additional context
This is not necessarily a bug in OIB, but a proposed optional improvement to better support the existing Location and Privacy policy after Autopilot provisioning.
Observed impact:
I already have a working Intune remediation script and would be happy to provide it or create a pull request if this fits the direction of OIB.