Wednesday, August 13, 2025

To ensure Continuous Access Evaluation (CAE) has insight into a user's location for real-time access control, configure: ✅ Named Locations in Microsoft Entra ID.

Why Named Locations?

Purpose:

Named Locations define trusted IP ranges (e.g., corporate networks) or countries/regions.

CAE uses this data to:


Detect user location changes (e.g., sudden move from trusted to untrusted IP).


Trigger immediate session revocation if risk is detected (e.g., sign-in from a blocked country).


Impact on CAE:


Without Named Locations, CAE cannot evaluate location-based risks in real-time.


With Named Locations, CAE can enforce policies like:


Blocking access from untrusted regions.


Requiring reauthentication for location changes.


Steps to Configure:

Access Entra admin center:

Go to Protection → Conditional Access → Named Locations.


Create a Named Location:


Select IP ranges (for trusted networks) or Countries/regions (for geo-based rules).


Example: Define your office IPs as a trusted location.


Link to CAE-Supported Apps:


Ensure apps support CAE (e.g., Exchange Online, SharePoint Online, Teams).


CAE automatically uses Named Locations for real-time decisions.
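
The IP-range case from the steps above, as an added example that is not part of the original post: it checks candidate office ranges and builds the request body Microsoft Graph accepts for an `ipNamedLocation` at `POST /identity/conditionalAccess/namedLocations`. The sample ranges, the breadth threshold and the helper names are assumptions of this example.

```python
import ipaddress
import json

# Ranges that cannot be a sign-in source address, because the address
# Entra ID sees is the public egress IP (RFC 1918, CGNAT, loopback, ...).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
# Example hygiene threshold (an assumption of this example, not an Entra
# limit): refuse to mark ranges broader than this as trusted.
MIN_PREFIX = {4: 16, 6: 32}
ODATA_RANGE = {4: "#microsoft.graph.iPv4CidrRange",
               6: "#microsoft.graph.iPv6CidrRange"}


def build_ip_named_location(display_name, cidrs, trusted=True):
    """Validate CIDRs and return the Graph ipNamedLocation request body."""
    ranges = []
    for cidr in cidrs:
        # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
        net = ipaddress.ip_network(cidr, strict=True)
        if any(net.version == bad.version and net.overlaps(bad)
               for bad in NON_PUBLIC):
            raise ValueError(f"{cidr}: not a public range")
        if trusted and net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{cidr}: too broad to mark as trusted")
        ranges.append({"@odata.type": ODATA_RANGE[net.version],
                       "cidrAddress": str(net)})
    if not ranges:
        raise ValueError("at least one IP range is required")
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name,
            "isTrusted": trusted, "ipRanges": ranges}


def in_location(ip, body):
    """True if ip falls inside any range of the named-location body."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(r["cidrAddress"]) for r in body["ipRanges"])
    return any(addr.version == n.version and addr in n for n in nets)


if __name__ == "__main__":
    # Constructed sample: documentation ranges stand in for office egress IPs.
    body = build_ip_named_location("HQ office egress",
                                   ["203.0.113.0/24", "2001:db8:10::/48"])
    print(json.dumps(body, indent=2))
    print(in_location("203.0.113.40", body), in_location("198.51.100.9", body))
```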
