M365 Changelog: Location Based Access Control

MC252197 – Updated May 07, 2021: Microsoft has updated the rollout timeline below. Thank you for your patience.

Many of Microsoft’s largest customers, typically in the banking and financial industries, are governed by strict standards. Their employees have access to very sensitive data and can only access that data within the boundaries of a single country. Admins currently restrict access to sensitive data based on IP address. However, IP address is less accurate and less reliable than GPS data. Thus, admins need the ability to restrict access based on GPS data.

Now, admins will have the ability to create Conditional Access policies to allow/deny access using a new type of Named Location based on GPS data. When the policy is enabled, end users will need to share their GPS location from the mobile device on which Microsoft Authenticator is installed. The user’s mobile device is a good indication of the user’s actual location at the time.

This message is associated with Microsoft 365 Roadmap ID 72238

When this will happen

Microsoft will be making this feature available via preview starting in mid-May (previously early May) and completing by early June (previously mid-May).

How this will affect your organization

No action is required if you do not intend to enforce policy based on GPS. However, if you would like to use this new feature, more information can be found here: Quickstart: Configure named locations in Azure Active Directory

What you need to do to prepare

Review the documentation and determine if the preview experience is appropriate for your organization.Additional information