I want to restrict the role to manage students. So this person will create student accounts only and assign them to A1 license for students. He should edit only student accounts. He should not see any other tenant license information.
I see 2 poor solutions:
1. Let person create accounts only in specific ou on-premises. Witch scheduled scripts assign a1 license to this OU. However, I don't want to pollute my AD with students.
2. Create a separate tenant for students. I guess there would be limitations in classes if students and teachers are in separate tenants.