![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 23%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra Internet Access
Securing internet traffic from devices with identity-aware web filtering and threat protection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft Entra determines location based on the public IP address seen during sign-in and evaluates Conditional Access policies (including location-based policies and Continuous Access Evaluation) using that IP and its mapped location.
From the provided context, there is no mechanism described to directly edit or override the geolocation record of a specific public IP address within Microsoft Entra. Instead, Conditional Access guidance focuses on controlling access by IP ranges and handling cases where IP or location evaluation causes unexpected blocks.
To mitigate impact on security and Conditional Access enforcement when location is not evaluated as desired, the supported approach is to rely on IP-based named locations rather than city-level geolocation:
- Identify the exact public IP address or range used by the customer (for example, 161.82.186.138 and any related egress IPs).
- In the Microsoft Entra admin center, go to Entra ID → Conditional Access → Named locations.
- Create or update a named location that includes this public IP (or range) as an IPv4 range, and optionally mark it as a trusted location if appropriate for the organization’s policies.
- Update Conditional Access policies to use this named location (include or exclude it as needed) instead of relying on the inferred geographic location.
This approach ensures that Conditional Access decisions are based on the explicitly configured IP ranges, independent of the city-level geolocation mapping, and is the documented way to avoid incorrect enforcement due to IP/location interpretation.
If strict location enforcement with Continuous Access Evaluation is in use and users are being blocked unexpectedly, sign-in logs and the IP address (seen by resource) field should be reviewed, and any legitimate egress IPs should be added to named locations to prevent unintended blocks.
References: