Restrict role to specific license

Regular Visitor

I want to restrict the role to manage students. So this person will create student accounts only and assign them to A1 license for students. He should edit only student accounts. He should not see any other tenant license information.  

I see 2 poor solutions:

1. Let person create accounts only in specific ou on-premises. Witch scheduled scripts assign a1 license to this OU. However, I don't want to pollute my AD with students.

2. Create a separate tenant for students. I guess there would be limitations in classes if students and teachers are in separate tenants.

Any other options?

1 Reply

Depending on which exact tasks you want to be able to preform, administrative units might work:


But AUs are kinda limited for now, so you might end up needing a custom/third-party solution.