Skip to main content

ENTRA053 - Entra Named Location Is Not an IP-Based Location

Agent error code #ENTRA053 indicates that the configured Named Location exists, but its @odata.type is not #microsoft.graph.ipNamedLocation. Knocknoc only manages IP-based Named Locations. Country-based and unknown-region Named Locations are not supported.

Common causes include:

  • The Named Location was created as Countries rather than IP ranges location in the Azure portal
  • A country/region Named Location was selected by mistake when configuring the Knocknoc backend
  • The Named Location was edited via the Graph API and its type was changed externally

Steps to Resolve

Confirm the Type in the Azure Portal

  1. In the Azure portal, navigate to Microsoft Entra ID > Security > Conditional Access > Named locations
  2. Open the location pointed at by the Knocknoc backend
  3. If the Configure dropdown reads Countries, this is not a location Knocknoc can manage

Create a Replacement IP-Based Location

  1. In Named locations, click + IP ranges location (not + Countries location)
  2. Tick Mark as trusted location if the Conditional Access policy depends on the trusted-location flag
  3. Add at least one sentinel range (e.g. 192.0.2.0/32) so the create succeeds. Knocknoc replaces this list on the next grant
  4. Save, copy the new ID into the Knocknoc backend configuration, and remove the old country-based reference

For the full setup, see the Microsoft Entra ID setup guide.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top