Share via

Find User or Group From 32 Character ID in CAP Change

MZ 0 Reputation points
2025-06-10T12:25:41.8666667+00:00

There was a change to our conditional access policy. There's an additional 32 character ID in excluded locations. How can I use that alpha numeric ID to find what that is in plain English? I searched for it under named locations and had 0 results.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,050 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 28,785 Reputation points Volunteer Moderator
    2025-06-10T13:34:15.84+00:00

    Helllo MZ,

    Thanks for your question.

    You are probably referring to a GUID. This could represent a user, group or SP.
    I would recommend you attempt to find the ID using:

    Get-MgUser

    Get-MgGroup

    Get-MGServiceprincipal

    Let me know if that helps you locate the objects

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

  2. Deepthi R 25 Reputation points Microsoft External Staff Moderator
    2025-06-13T11:06:26.5633333+00:00

    Hi MZ,

    The excludeLocations refers to Named Locations and each Named Location has a GUID identifier in the backend, but this isn't exposed in the GUI.

    Looks like you have tried to locate the location GUID in Entra portal and that doesn't display it directly in Entra.

    Hence, go to [Graph-https://developer.microsoft.com/en-us/graph/graph-explorer) and run query below if you find the guid and its display name of the excluded location.

    GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations

    I too have one GUID under excluded Locations. Hence, I tried in graph explorer and found one that is associated DisaplayName

    ![User's image] (https://learn-attachment.microsoft.com/api/attachments/3c546aff-69eb-40de-9b5c-03269f71883c?platform=QnA)

    
        {

            "@odata.type": "#microsoft.graph.ipNamedLocation",

            "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",

            "displayName": "Teams Workers",

            "modifiedDateTime": "2024-09-24T19:30:31.8158212Z",

            "createdDateTime": "2024-09-24T19:30:31.8158212Z",

            "isTrusted": true,

            "ipRanges": [

                {

                    "@odata.type": "#microsoft.graph.iPv4CidrRange",

                    "cidrAddress": "172.174.xx.xxx/32"

                }

            ]

        }

    To retrieve the Conditional access policies (CAPs) and see the actual exclude Locations, you run below query

    GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies

    If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.User's image

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.