Create namedLocation

Article
07/06/2023

Namespace: microsoft.graph

Create a new namedLocation object. Named locations can be either ipNamedLocation or countryNamedLocation objects.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	Policy.Read.All and Policy.ReadWrite.ConditionalAccess
Delegated (personal Microsoft account)	Not supported.
Application	Policy.Read.All and Policy.ReadWrite.ConditionalAccess

HTTP request

POST /identity/conditionalAccess/namedLocations

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-Type	application/json. Required.

Request body

In the request body, supply a JSON representation of an ipNamedLocation or countryNamedLocation object. You must specify the @odata.type of the derived type, that is, #microsoft.graph.ipNamedLocation for an ipNamedLocation object or #microsoft.graph.countryNamedLocation for a countryNamedLocation object.

The following table lists the properties that are required to create an ipNamedLocation object.

Property	Type	Description
displayName	String	Human-readable name of the location. Required.
ipRanges	ipRange collection	List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. Required. The @odata.type of the ipRange is also required.

The following table lists the properties that are required to create an countryNamedLocation object.

Property	Type	Description
countriesAndRegions	String collection	List of countries and/or regions in two-letter format specified by ISO 3166-2. Required.
displayName	String	Human-readable name of the location. Required.

Response

If successful, this method returns a 201 Createdresponse code and a new ipNamedLocation or countryNamedLocation object in the response body.

Examples

Example 1: Create an ipNamedLocation

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations
Content-type: application/json

{
    "@odata.type": "#microsoft.graph.ipNamedLocation",
    "displayName": "Untrusted IP named location",
    "isTrusted": false,
    "ipRanges": [
        {
            "@odata.type": "#microsoft.graph.iPv4CidrRange",
            "cidrAddress": "12.34.221.11/22"
        },
        {
            "@odata.type": "#microsoft.graph.iPv6CidrRange",
            "cidrAddress": "2001:0:9d38:90d6:0:0:0:0/63"
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new IpNamedLocation
{
	OdataType = "#microsoft.graph.ipNamedLocation",
	DisplayName = "Untrusted IP named location",
	IsTrusted = false,
	IpRanges = new List<IpRange>
	{
		new IPv4CidrRange
		{
			OdataType = "#microsoft.graph.iPv4CidrRange",
			CidrAddress = "12.34.221.11/22",
		},
		new IPv6CidrRange
		{
			OdataType = "#microsoft.graph.iPv6CidrRange",
			CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63",
		},
	},
};
var result = await graphClient.Identity.ConditionalAccess.NamedLocations.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity conditional-access named-locations create --body '{\
    "@odata.type": "#microsoft.graph.ipNamedLocation",\
    "displayName": "Untrusted IP named location",\
    "isTrusted": false,\
    "ipRanges": [\
        {\
            "@odata.type": "#microsoft.graph.iPv4CidrRange",\
            "cidrAddress": "12.34.221.11/22"\
        },\
        {\
            "@odata.type": "#microsoft.graph.iPv6CidrRange",\
            "cidrAddress": "2001:0:9d38:90d6:0:0:0:0/63"\
        }\
    ]\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewNamedLocation()
displayName := "Untrusted IP named location"
requestBody.SetDisplayName(&displayName) 
isTrusted := false
requestBody.SetIsTrusted(&isTrusted) 


ipRange := graphmodels.NewIPv4CidrRange()
cidrAddress := "12.34.221.11/22"
ipRange.SetCidrAddress(&cidrAddress) 
ipRange1 := graphmodels.NewIPv6CidrRange()
cidrAddress := "2001:0:9d38:90d6:0:0:0:0/63"
ipRange1.SetCidrAddress(&cidrAddress) 

ipRanges := []graphmodels.IpRangeable {
	ipRange,
	ipRange1,
}
requestBody.SetIpRanges(ipRanges)

namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

IpNamedLocation namedLocation = new IpNamedLocation();
namedLocation.displayName = "Untrusted IP named location";
namedLocation.isTrusted = false;
LinkedList<IpRange> ipRangesList = new LinkedList<IpRange>();
IPv4CidrRange ipRanges = new IPv4CidrRange();
ipRanges.cidrAddress = "12.34.221.11/22";
ipRangesList.add(ipRanges);
IPv6CidrRange ipRanges1 = new IPv6CidrRange();
ipRanges1.cidrAddress = "2001:0:9d38:90d6:0:0:0:0/63";
ipRangesList.add(ipRanges1);
namedLocation.ipRanges = ipRangesList;

graphClient.identity().conditionalAccess().namedLocations()
	.buildRequest()
	.post(namedLocation);


const options = {
	authProvider,
};

const client = Client.init(options);

const namedLocation = {
    '@odata.type': '#microsoft.graph.ipNamedLocation',
    displayName: 'Untrusted IP named location',
    isTrusted: false,
    ipRanges: [
        {
            '@odata.type': '#microsoft.graph.iPv4CidrRange',
            cidrAddress: '12.34.221.11/22'
        },
        {
            '@odata.type': '#microsoft.graph.iPv6CidrRange',
            cidrAddress: '2001:0:9d38:90d6:0:0:0:0/63'
        }
    ]
};

await client.api('/identity/conditionalAccess/namedLocations')
	.post(namedLocation);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new IpNamedLocation();
$requestBody->setOdataType('#microsoft.graph.ipNamedLocation');
$requestBody->setDisplayName('Untrusted IP named location');
$requestBody->setIsTrusted(false);
$ipRangesIpRange1 = new IPv4CidrRange();
$ipRangesIpRange1->setOdataType('#microsoft.graph.iPv4CidrRange');
$ipRangesIpRange1->setCidrAddress('12.34.221.11/22');
$ipRangesArray []= $ipRangesIpRange1;
$ipRangesIpRange2 = new IPv6CidrRange();
$ipRangesIpRange2->setOdataType('#microsoft.graph.iPv6CidrRange');
$ipRangesIpRange2->setCidrAddress('2001:0:9d38:90d6:0:0:0:0/63');
$ipRangesArray []= $ipRangesIpRange2;
$requestBody->setIpRanges($ipRangesArray);


$result = $graphServiceClient->identity()->conditionalAccess()->namedLocations()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.ipNamedLocation"
	displayName = "Untrusted IP named location"
	isTrusted = $false
	ipRanges = @(
		@{
			"@odata.type" = "#microsoft.graph.iPv4CidrRange"
			cidrAddress = "12.34.221.11/22"
		}
		@{
			"@odata.type" = "#microsoft.graph.iPv6CidrRange"
			cidrAddress = "2001:0:9d38:90d6:0:0:0:0/63"
		}
	)
}

New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = IpNamedLocation(
	odata_type = "#microsoft.graph.ipNamedLocation",
	display_name = "Untrusted IP named location",
	is_trusted = False,
	ip_ranges = [
		IPv4CidrRange(
			odata_type = "#microsoft.graph.iPv4CidrRange",
			cidr_address = "12.34.221.11/22",
		),
		IPv6CidrRange(
			odata_type = "#microsoft.graph.iPv6CidrRange",
			cidr_address = "2001:0:9d38:90d6:0:0:0:0/63",
		),
	]
)

result = await graph_client.identity.conditional_access.named_locations.post(body = request_body)

Response

The following is an example of the response.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#namedLocations/$entity",
    "@odata.type": "#microsoft.graph.ipNamedLocation",
    "id": "0854951d-5fc0-4eb1-b392-9b2c9d7949c2",
    "displayName": "Untrusted IP named location",
    "modifiedDateTime": "2019-09-04T01:11:34.9387578Z",
    "createdDateTime": "2019-09-04T01:11:34.9387578Z",
    "isTrusted": false,
    "ipRanges": [
        {
            "@odata.type": "#microsoft.graph.iPv4CidrRange",
            "cidrAddress": "12.34.221.11/22"
        },
        {
            "@odata.type": "#microsoft.graph.iPv6CidrRange",
            "cidrAddress": "2001:0:9d38:90d6:0:0:0:0/63"
        }
    ]
}

Example 2: Create a countryNamedLocation

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations
Content-type: application/json

{
    "@odata.type": "#microsoft.graph.countryNamedLocation",
    "displayName": "Named location with unknown countries and regions",
    "countriesAndRegions": [
        "US",
        "GB"
    ],
    "includeUnknownCountriesAndRegions": true
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new CountryNamedLocation
{
	OdataType = "#microsoft.graph.countryNamedLocation",
	DisplayName = "Named location with unknown countries and regions",
	CountriesAndRegions = new List<string>
	{
		"US",
		"GB",
	},
	IncludeUnknownCountriesAndRegions = true,
};
var result = await graphClient.Identity.ConditionalAccess.NamedLocations.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity conditional-access named-locations create --body '{\
    "@odata.type": "#microsoft.graph.countryNamedLocation",\
    "displayName": "Named location with unknown countries and regions",\
    "countriesAndRegions": [\
        "US",\
        "GB"\
    ],\
    "includeUnknownCountriesAndRegions": true\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewNamedLocation()
displayName := "Named location with unknown countries and regions"
requestBody.SetDisplayName(&displayName) 
countriesAndRegions := []string {
	"US",
	"GB",
}
requestBody.SetCountriesAndRegions(countriesAndRegions)
includeUnknownCountriesAndRegions := true
requestBody.SetIncludeUnknownCountriesAndRegions(&includeUnknownCountriesAndRegions) 

namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

CountryNamedLocation namedLocation = new CountryNamedLocation();
namedLocation.displayName = "Named location with unknown countries and regions";
LinkedList<String> countriesAndRegionsList = new LinkedList<String>();
countriesAndRegionsList.add("US");
countriesAndRegionsList.add("GB");
namedLocation.countriesAndRegions = countriesAndRegionsList;
namedLocation.includeUnknownCountriesAndRegions = true;

graphClient.identity().conditionalAccess().namedLocations()
	.buildRequest()
	.post(namedLocation);


const options = {
	authProvider,
};

const client = Client.init(options);

const namedLocation = {
    '@odata.type': '#microsoft.graph.countryNamedLocation',
    displayName: 'Named location with unknown countries and regions',
    countriesAndRegions: [
        'US',
        'GB'
    ],
    includeUnknownCountriesAndRegions: true
};

await client.api('/identity/conditionalAccess/namedLocations')
	.post(namedLocation);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new CountryNamedLocation();
$requestBody->setOdataType('#microsoft.graph.countryNamedLocation');
$requestBody->setDisplayName('Named location with unknown countries and regions');
$requestBody->setCountriesAndRegions(['US', 'GB', 	]);
$requestBody->setIncludeUnknownCountriesAndRegions(true);

$result = $graphServiceClient->identity()->conditionalAccess()->namedLocations()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.countryNamedLocation"
	displayName = "Named location with unknown countries and regions"
	countriesAndRegions = @(
		"US"
		"GB"
	)
	includeUnknownCountriesAndRegions = $true
}

New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = CountryNamedLocation(
	odata_type = "#microsoft.graph.countryNamedLocation",
	display_name = "Named location with unknown countries and regions",
	countries_and_regions = [
		"US",
		"GB",
	]
	include_unknown_countries_and_regions = True,
)

result = await graph_client.identity.conditional_access.named_locations.post(body = request_body)

Response

The following is an example of the response.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#namedLocations/$entity",
    "@odata.type": "#microsoft.graph.countryNamedLocation",
    "id": "1c4427fd-0885-4a3d-8b23-09a899ffa959",
    "displayName": "Named location with unknown countries and regions",
    "modifiedDateTime": "2019-09-04T01:08:02.5249255Z",
    "createdDateTime": "2019-09-04T01:08:02.5249255Z",
    "countriesAndRegions": [
        "US",
        "GB"
    ],
    "includeUnknownCountriesAndRegions": true
}

Create namedLocation

Permissions

HTTP request

Request headers

Request body

Response

Examples

Example 1: Create an ipNamedLocation

Request

Response

Example 2: Create a countryNamedLocation

Request

Response

Feedback

Additional resources

Additional resources