Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Policy.Read.All and Policy.ReadWrite.ConditionalAccess
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Policy.Read.All and Policy.ReadWrite.ConditionalAccess
Not available.
Important
In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
In the request body, supply a JSON representation of an ipNamedLocation or countryNamedLocation object. You must specify the @odata.type of the derived type, that is, #microsoft.graph.ipNamedLocation for an ipNamedLocation object or #microsoft.graph.countryNamedLocation for a countryNamedLocation object.
The following table lists the properties that are required to create an ipNamedLocation object.
List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. Required. The @odata.type of the ipRange is also required.
The following table lists the properties that are required to create an countryNamedLocation object.
Property
Type
Description
countriesAndRegions
String collection
List of countries and/or regions in two-letter format specified by ISO 3166-2. Required.
displayName
String
Human-readable name of the location. Required.
Response
If successful, this method returns a 201 Createdresponse code and a new ipNamedLocation or countryNamedLocation object in the response body.
POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations
Content-type: application/json
{
"@odata.type": "#microsoft.graph.ipNamedLocation",
"displayName": "Untrusted IP named location",
"isTrusted": false,
"ipRanges": [
{
"@odata.type": "#microsoft.graph.iPv4CidrRange",
"cidrAddress": "12.34.221.11/22"
},
{
"@odata.type": "#microsoft.graph.iPv6CidrRange",
"cidrAddress": "2001:0:9d38:90d6:0:0:0:0/63"
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new IpNamedLocation
{
OdataType = "#microsoft.graph.ipNamedLocation",
DisplayName = "Untrusted IP named location",
IsTrusted = false,
IpRanges = new List<IpRange>
{
new IPv4CidrRange
{
OdataType = "#microsoft.graph.iPv4CidrRange",
CidrAddress = "12.34.221.11/22",
},
new IPv6CidrRange
{
OdataType = "#microsoft.graph.iPv6CidrRange",
CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63",
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.NamedLocations.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
IpNamedLocation namedLocation = new IpNamedLocation();
namedLocation.setOdataType("#microsoft.graph.ipNamedLocation");
namedLocation.setDisplayName("Untrusted IP named location");
namedLocation.setIsTrusted(false);
LinkedList<IpRange> ipRanges = new LinkedList<IpRange>();
IPv4CidrRange ipRange = new IPv4CidrRange();
ipRange.setOdataType("#microsoft.graph.iPv4CidrRange");
ipRange.setCidrAddress("12.34.221.11/22");
ipRanges.add(ipRange);
IPv6CidrRange ipRange1 = new IPv6CidrRange();
ipRange1.setOdataType("#microsoft.graph.iPv6CidrRange");
ipRange1.setCidrAddress("2001:0:9d38:90d6:0:0:0:0/63");
ipRanges.add(ipRange1);
namedLocation.setIpRanges(ipRanges);
NamedLocation result = graphClient.identity().conditionalAccess().namedLocations().post(namedLocation);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\IpNamedLocation;
use Microsoft\Graph\Generated\Models\IpRange;
use Microsoft\Graph\Generated\Models\IPv4CidrRange;
use Microsoft\Graph\Generated\Models\IPv6CidrRange;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new IpNamedLocation();
$requestBody->setOdataType('#microsoft.graph.ipNamedLocation');
$requestBody->setDisplayName('Untrusted IP named location');
$requestBody->setIsTrusted(false);
$ipRangesIpRange1 = new IPv4CidrRange();
$ipRangesIpRange1->setOdataType('#microsoft.graph.iPv4CidrRange');
$ipRangesIpRange1->setCidrAddress('12.34.221.11/22');
$ipRangesArray []= $ipRangesIpRange1;
$ipRangesIpRange2 = new IPv6CidrRange();
$ipRangesIpRange2->setOdataType('#microsoft.graph.iPv6CidrRange');
$ipRangesIpRange2->setCidrAddress('2001:0:9d38:90d6:0:0:0:0/63');
$ipRangesArray []= $ipRangesIpRange2;
$requestBody->setIpRanges($ipRangesArray);
$result = $graphServiceClient->identity()->conditionalAccess()->namedLocations()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.ip_named_location import IpNamedLocation
from msgraph.generated.models.ip_range import IpRange
from msgraph.generated.models.i_pv4_cidr_range import IPv4CidrRange
from msgraph.generated.models.i_pv6_cidr_range import IPv6CidrRange
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = IpNamedLocation(
odata_type = "#microsoft.graph.ipNamedLocation",
display_name = "Untrusted IP named location",
is_trusted = False,
ip_ranges = [
IPv4CidrRange(
odata_type = "#microsoft.graph.iPv4CidrRange",
cidr_address = "12.34.221.11/22",
),
IPv6CidrRange(
odata_type = "#microsoft.graph.iPv6CidrRange",
cidr_address = "2001:0:9d38:90d6:0:0:0:0/63",
),
],
)
result = await graph_client.identity.conditional_access.named_locations.post(request_body)
POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations
Content-type: application/json
{
"@odata.type": "#microsoft.graph.countryNamedLocation",
"displayName": "Named location with unknown countries and regions",
"countriesAndRegions": [
"US",
"GB"
],
"includeUnknownCountriesAndRegions": true
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new CountryNamedLocation
{
OdataType = "#microsoft.graph.countryNamedLocation",
DisplayName = "Named location with unknown countries and regions",
CountriesAndRegions = new List<string>
{
"US",
"GB",
},
IncludeUnknownCountriesAndRegions = true,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.NamedLocations.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewNamedLocation()
displayName := "Named location with unknown countries and regions"
requestBody.SetDisplayName(&displayName)
countriesAndRegions := []string {
"US",
"GB",
}
requestBody.SetCountriesAndRegions(countriesAndRegions)
includeUnknownCountriesAndRegions := true
requestBody.SetIncludeUnknownCountriesAndRegions(&includeUnknownCountriesAndRegions)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
CountryNamedLocation namedLocation = new CountryNamedLocation();
namedLocation.setOdataType("#microsoft.graph.countryNamedLocation");
namedLocation.setDisplayName("Named location with unknown countries and regions");
LinkedList<String> countriesAndRegions = new LinkedList<String>();
countriesAndRegions.add("US");
countriesAndRegions.add("GB");
namedLocation.setCountriesAndRegions(countriesAndRegions);
namedLocation.setIncludeUnknownCountriesAndRegions(true);
NamedLocation result = graphClient.identity().conditionalAccess().namedLocations().post(namedLocation);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\CountryNamedLocation;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new CountryNamedLocation();
$requestBody->setOdataType('#microsoft.graph.countryNamedLocation');
$requestBody->setDisplayName('Named location with unknown countries and regions');
$requestBody->setCountriesAndRegions(['US', 'GB', ]);
$requestBody->setIncludeUnknownCountriesAndRegions(true);
$result = $graphServiceClient->identity()->conditionalAccess()->namedLocations()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.country_named_location import CountryNamedLocation
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = CountryNamedLocation(
odata_type = "#microsoft.graph.countryNamedLocation",
display_name = "Named location with unknown countries and regions",
countries_and_regions = [
"US",
"GB",
],
include_unknown_countries_and_regions = True,
)
result = await graph_client.identity.conditional_access.named_locations.post(request_body)