By default all Azure VMs on Azure pick up the time settings from the underlying host. For security and consistency its recommended that all machines are updated from a centralised source. This is a requirement for PCI compliance etc.
To resolve this we must disable the registry setting: VMICTimeProvider.
This is a registry value: HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider and set the value for 'Enabled' to 0
Once this is disabled you then sync time to dedicated time source.
This is done via a simple command:
Set to Time Servers
w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1" /syncfromflags:manual /reliable:yes /update
Stop and start service
net stop w32time && net start w32time
Query the time service
w32tm /query /configuration
In a Windows domain environment all servers will sync their time from the PDC emulator.
Disable the VMICTimeProvider via a group policy and then run the commands above on the PDC.
netdom /query fsmo
You can then use a Group Policy object to disable the registry value on all domain servers.