Create Conditional Access Named Location | Graph PowerShell
 
 
 

How to create a conditional access named location using Microsoft Graph PowerShell

The New-MgIdentityConditionalAccessNamedLocation cmdlet is used to create named locations in Microsoft Entra ID (formerly Azure AD), which can then be referenced in conditional access policies. Named locations let admins define trusted IP ranges, country locations, or specific network boundaries that policies use to allow or restrict sign-ins. Policies that reference these locations strengthen security: examples include requiring multi-factor authentication when users sign in from outside corporate networks or blocking access from high-risk geographic regions.

This article shows you how to create a conditional access named location using both Microsoft Entra admin center and Microsoft Graph PowerShell:

  • M365 admin center
  • PowerShell
 

Create named locations using Microsoft Entra admin center

Use the admin portal to define trusted IP ranges or countries for your policy controls.

  1. Go to Microsoft Entra admin center.
  2. Select Security > Conditional Access > Named locations.
  3. Click New location and enter IPs or countries.

Create a named location using Microsoft Graph PowerShell

Prerequisites

You need the Microsoft Graph module installed and a session connected with the policy write permission:

Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

Using the New-MgIdentityConditionalAccessNamedLocation cmdlet

Run the script below by specifying the name and IP ranges or countries:

New-MgIdentityConditionalAccessNamedLocation -DisplayName -IpRanges

Examples

Example 1: Create named location with IP range

New-MgIdentityConditionalAccessNamedLocation -DisplayName "HQ Network" -IpRanges @(@{CidrAddress="10.0.0.0/24"})

Example 2: Create named location for country

New-MgIdentityConditionalAccessNamedLocation -DisplayName "Canada" -CountriesAndRegions @("CA")

Example 3: Create location with multiple IP ranges

New-MgIdentityConditionalAccessNamedLocation -DisplayName "Remote Sites" -IpRanges @(@{CidrAddress="192.168.0.0/16"}, @{CidrAddress="10.10.0.0/16"})
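
The same kind of IP-based location, built as a request body with explicit "@odata.type" discriminators and passed through -BodyParameter (an added example, not from the original article). New-IpNamedLocationBody is a hypothetical helper, the ranges are constructed documentation-space placeholders, and the private-range rejection is this example's own pre-flight check: conditional access evaluates the public address Entra ID sees at sign-in, so an RFC 1918 range would never match.

```powershell
# Added example: hypothetical helper, not part of the Microsoft Graph SDK.
function New-IpNamedLocationBody {
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string[]] $Cidr,
        [bool] $IsTrusted = $false   # "trusted" must be an explicit decision
    )
    $ranges = foreach ($entry in $Cidr) {
        $addr, $prefix = $entry -split '/', 2
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -or $prefix -notmatch '^\d+$') {
            throw "Not a CIDR range: $entry"
        }
        if ($ip.AddressFamily -eq 'InterNetwork') {
            $b = $ip.GetAddressBytes()
            # Assumption of this example: refuse RFC 1918 space, because the
            # sign-in is matched against the public egress address.
            $private = ($b[0] -eq 10) -or
                       ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                       ($b[0] -eq 192 -and $b[1] -eq 168)
            if ($private) { throw "Private range, use the public egress range instead: $entry" }
            if ([int]$prefix -gt 32) { throw "Invalid IPv4 prefix length: $entry" }
            $type = '#microsoft.graph.iPv4CidrRange'
        }
        else {
            if ([int]$prefix -gt 128) { throw "Invalid IPv6 prefix length: $entry" }
            $type = '#microsoft.graph.iPv6CidrRange'
        }
        @{ '@odata.type' = $type; cidrAddress = $entry }
    }
    # The outer discriminator selects the IP-based named location type.
    @{
        '@odata.type' = '#microsoft.graph.ipNamedLocation'
        displayName   = $DisplayName
        isTrusted     = $IsTrusted
        ipRanges      = @($ranges)
    }
}

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space);
# replace them with your organization's public egress ranges.
$body = New-IpNamedLocationBody -DisplayName 'HQ egress' -Cidr '203.0.113.0/24', '2001:db8::/48'
$body | ConvertTo-Json -Depth 4   # review the payload before creating anything

# Requires the Connect-MgGraph session from the prerequisites.
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $body
```

The helper leaves isTrusted set to $false unless asked otherwise, so a range only becomes eligible for policies that exclude trusted locations after a deliberate choice.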

Supported parameters

The following essential parameters can be used along with the New-MgIdentityConditionalAccessNamedLocation cmdlet:

Parameter              Description
-DisplayName           Name for the named location (required).
-IpRanges              Array of objects specifying trusted IP ranges (CIDR notation).
-CountriesAndRegions   List of country codes for location.
-IsTrusted             Specifies whether this location is trusted.
-OdataType             Type discriminator for the object.

Limitations of using native tools to create conditional access named locations

  • PowerShell commands can get complex with different use cases and scenarios.
  • IT admins can spend a lot of time troubleshooting errors, which negatively impacts productivity.
  • Delegation can get tricky since technicians require elevated permissions.

How ADManager Plus helps you manage Microsoft Entra ID

ADManager Plus, an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities, simplifies complex admin tasks from a single, user-friendly console:

Perform script-free Microsoft Entra ID management and reporting with ADManager Plus
