Generally yes/standard. For example we allow access to Microsoft 365 from any device with multi-factor authentication. But if you are off the corporate network or not on a managed device, cut/paste and download will be disabled because once data leaves the work container, the company does not have any further visibility to what happens with that data. Same thing for those accessing a virtual desktop via Citrix -- they can only work in that virtual desktop and not copy data to the local machine. And there are certain access locations (i.e. countries) that are blocked from accessing either of those.

This may be a little deep - but here is a reference document on the full Citrix set of technologies/practices a company could implement to try and protect data in a bring your own device world. Not saying your company is doing all of this - but they may have started using more of the Citrix tools available to them, hence now needing the geo data to feed it.

Reference Architecture - Protect apps and data on bring-your-own-devices

As I said before, it could also just be they moved to Citrix cloud and the input is for performance reasons. But whether for performance or security reasons, it is doubtful there is a human looking at each of your logins, where it was from, and immediately reporting that to HR or your manager. Though if you happen to be the only person logging in for a week from Sochi while enjoying a nice relaxing Black Sea vacation -- it is possible someone from your Infosec team may notice those outliers and have a look to see who it is