We are in the process of migrating to Exchange Online (from Exchange 2016) and what to know the best way to apply RBAC. In the On Premise configuration we limited the local admins to only be able to edit mailboxes within their Organizational Unit, basically by the Write Scope.
Obviously AAD does not have OUs so wondering what the the best way to restrict access? I have tried Set-ManagementScope and the "RecipientFilter", does anyone have the best way to use the use the "RecipientFilter" - namely use Company Name, Location etc.
Also, should we use this in conjunction with the "Exchange recipient administrators" role?