Today, I am excited to share how you can improve your Conditional Access policies and ensure compliance with data regulations thanks to the public preview of GPS-based named locations. This feature helps admins strengthen their security and compliance posture and allows them to restrict access to sensitive apps based on the GPS location of their users.
I have asked Olena Huang, a PM on the Identity team, to tell you more. Let us know what you think!
With the public preview of GPS-based named locations, admins can refine their Conditional Access policies by determining a user’s location with even more precision. GPS-based named locations allow you to restrict access to certain resources to the boundaries of a specific country. Due to VPNs and other factors, determining a user’s location from their IP address is not always accurate or reliable. Leveraging GPS signals enables admins to determine a user’s location with higher confidence. This is especially helpful if you have strict compliance regulations that limit where specific data can be accessed.
When the feature is enabled, users will be prompted to share their GPS location via the Microsoft Authenticator app during sign-in.
Create a policy to allow or restrict access based off a user’s GPS location
There are two simple steps:
Create a GPS-based named location.
Create or configure Conditional Access with this named location.
You’ll first need to create a countries named location and select the countries where you want the policy to apply. Configure the named location to determine the location by GPS coordinates instead of by IP address.
Next, create a Conditional Access policy to restrict access to selected applications for sign-ins within the boundaries of the named location.