diff --git a/providers/ms365/resources/conditional-access.go b/providers/ms365/resources/conditional-access.go
index 7f2481b07..c62362803 100644
--- a/providers/ms365/resources/conditional-access.go
+++ b/providers/ms365/resources/conditional-access.go
@@ -11,31 +11,36 @@ import (
 	"go.mondoo.com/cnquery/v11/providers/ms365/connection"
 )
 
-func (a *mqlMicrosoftConditionalAccess) namedLocations() (string, error) {
+func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) {
 	conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
 	graphClient, err := conn.GraphClient()
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	// Make a request to get named locations
 	ctx := context.Background()
 	namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil)
 	if err != nil {
-		return "", transformError(err)
+		return nil, transformError(err)
 	}
 
-	// Check if any of the named locations exist and return the first one
+	// Collect all named location names
+	var locationNames []interface{} // Changed to interface{} to match the expected return type
 	for _, location := range namedLocations.GetValue() {
 		// Use type assertion to check for IP named locations
 		if ipLocation, ok := location.(*models.IpNamedLocation); ok {
 			displayName := ipLocation.GetDisplayName()
 			if displayName != nil {
-				return *displayName, nil
+				locationNames = append(locationNames, *displayName)
 			}
 		}
 	}
 
-	log.Println("No named locations are defined.")
-	return "", nil
+	if len(locationNames) == 0 {
+		log.Println("No named locations are defined.")
+		return nil, nil
+	}
+
+	return locationNames, nil
 }
diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr
index 74e14f839..bccd7ee6e 100644
--- a/providers/ms365/resources/ms365.lr
+++ b/providers/ms365/resources/ms365.lr
@@ -59,7 +59,7 @@ microsoft.tenant @defaults("name") {
 // Microsoft Conditional Access Policies
 private microsoft.conditionalAccess {
   // Return the name of the first named location
-  namedLocations() string
+  namedLocations() []string
 }
 
 // Microsoft Entra ID user