Cloud Control

3 min. read. Last update: 03.28.2025

Beta

Using ThreatLocker Cloud Control, create dynamic ACLs for Microsoft 365. Named Locations created in ThreatLocker will automatically be updated in connected 365 tenants.  

Prerequisites

  • Office 365 Connector configured in ThreatLocker
  • ThreatLocker Network Control must be enabled
  • Minimum Entra P1 license 
  • Security defaults must be disabled in Entra
  • To include mobile devices, devices must have the ThreatLocker Access app installed and be registered in the ThreatLocker portal
  • At least 1 device in a Named Location must have checked in to the ThreatLocker Portal before the Named Location can be saved

Microsoft Limitations

  • Tenants can have no more than 195 Named Locations
  • Each Named Location can have no more than 2000 individual IP addresses or ranges
  • Named Locations cannot be updated incrementally
  • Microsoft can take up to 15 minutes to apply Conditional Access changes

ThreatLocker Access App Limitations

  • Battery Saver mode will put the app to sleep. Before it will check in again, the app needs to be opened to wake it up.
  • When a mobile device is powered off, the app must be manually opened when it is powered back on.
  • Apple Private Relay should be disabled for best results.

 

Named Locations Main Page

Filter Bar

  1. Applies To - Filter the page to show only specific "Applies To" objects (Computers and Groups)
  2. Search - Start typing to search for a specific Named Location
  3. Filter By - Select which 365 Tenant to view Named Locations for

Main Grid

  1. Named Location - Displays the name of the Named Location
  2. Tenant - Displays the name of the tenant that the Named Location belongs to
  3. Object Name - Displays the ThreatLocker object (Applies To) that is contained in the Named Location
  4. Description - Displays the description if one was provided
  5. Last Updated - Displays the date/time the Named Location was last updated in the ThreatLocker sidebar
  6. Delete - Delete the Named Location from ThreatLocker and from 365

 

Creating Named Locations

Please Note: It is recommended that you create multiple smaller Named Locations instead of a single larger one.

Navigate to Microsoft 365 > Microsoft 365 Control

Select the "New Named Location" button in the top left corner. The Create/Edit Named Location sidebar will slide out from the right.

Create/Edit Named Location Sidebar

  1. Name - Provide a name for the Named Location (All Named Locations will automatically be prefixed with ThreatLocker-)
  2. Description - Input a description if desired
  3. Tenant - Select the connected 365 tenant this Named Location will be synced to
  4. Applies To - Select the ThreatLocker objects (Groups or Computers) that will be contained in this Named Location
  5. Save - Press the Save button to save this Named Location

On save, the last known IP address of every object contained in the Named Location is collected and sent to Microsoft. Approximately every 10 seconds, ThreatLocker compares the IP addresses last sent to Microsoft with the current IP address list and, if there are any changes, updates the Named Location in Microsoft.

Please Note: Microsoft may take up to 15 minutes to update the Conditional Access policy. 

After creating Named Locations in ThreatLocker, an Entra administrator will need to create Conditional Access policies using them. For more information on creating a Conditional Access policy to control access to M365, please see the associated ThreatLocker Help Center article: Controlling Access to M365 Resources Using Conditional Access and Named Locations.
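A synced Named Location restricts nothing until an enforced Conditional Access policy references it. The following Python is an added example, not ThreatLocker or Microsoft code: it audits ThreatLocker-prefixed Named Locations against the limits listed above and flags any that no enforced policy uses. The sample JSON is constructed and shaped like Microsoft Graph `/identity/conditionalAccess/namedLocations` and `/policies` responses; all IDs, names and addresses are hypothetical.

```python
import json

MAX_LOCATIONS = 195  # per-tenant limit stated on this page
MAX_RANGES = 2000    # per-Named-Location limit stated on this page
PREFIX = "ThreatLocker-"  # prefix ThreatLocker adds to every Named Location
# Constructed sample data shaped like Microsoft Graph responses (not real tenant data).
NAMED_LOCATIONS = json.loads("""[
 {"id": "loc-1", "displayName": "ThreatLocker-HQ-Workstations",
  "ipRanges": [{"cidrAddress": "203.0.113.10/32"}, {"cidrAddress": "203.0.113.24/32"}]},
 {"id": "loc-2", "displayName": "ThreatLocker-Field-Laptops",
  "ipRanges": [{"cidrAddress": "198.51.100.7/32"}]},
 {"id": "loc-3", "displayName": "Branch Office", "ipRanges": [{"cidrAddress": "192.0.2.0/24"}]}
]""")
POLICIES = json.loads("""[
 {"displayName": "Block M365 outside ThreatLocker devices", "state": "enabled",
  "conditions": {"locations": {"includeLocations": ["All"], "excludeLocations": ["loc-1"]}}},
 {"displayName": "Pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"locations": {"includeLocations": ["loc-2"], "excludeLocations": []}}}
]""")

def audit(locations, policies):
    """Return (name, finding) tuples for ThreatLocker-managed Named Locations."""
    findings = []
    if len(locations) > MAX_LOCATIONS:
        findings.append(("<tenant>", f"{len(locations)} Named Locations exceeds {MAX_LOCATIONS}"))
    enforced, referenced = set(), set()
    for p in policies:
        loc = (p.get("conditions") or {}).get("locations") or {}
        ids = set(loc.get("includeLocations") or []) | set(loc.get("excludeLocations") or [])
        referenced |= ids
        if p.get("state") == "enabled":  # report-only and disabled policies enforce nothing
            enforced |= ids
    for l in locations:
        name = l["displayName"]
        if not name.startswith(PREFIX):
            continue  # not created by ThreatLocker; out of scope for this audit
        n = len(l.get("ipRanges") or [])
        if n > MAX_RANGES:
            findings.append((name, f"{n} ranges exceeds {MAX_RANGES}"))
        if l["id"] not in referenced:
            findings.append((name, "not referenced by any Conditional Access policy"))
        elif l["id"] not in enforced:
            findings.append((name, "only referenced by policies that are not enforced"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(NAMED_LOCATIONS, POLICIES):
        print(f"{name}: {finding}")
```
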

For assistance with creating Named Locations, please reach out to the Cyber Hero Support Team.

 

 

 

 
