Admin Roles restrict for IT branch in Office 365 admin centre

Copper Contributor

i may need some advise regarding the Office 365 admin role can assign the IT Helpdesk admin for branch without see the HQ email users? 

 

Example: 

1 HQ 

A Branch

B Branch

C branch

 

Each branch have internal IT team. however those 3 branch all are using same domain like abchotels.com 

 

Would like to know can assign the A Branch with HelpDesk Admin role only manage to branch A Email Users ? 

B Branch Assign the help desk admin role only manage to B branch Email Users

 

HQ IT Team manage to see everything ( using global admin ) 

Question: 

B Branch is not allow to see Branch A \ Branch C or HQ Email users in office 365 admin center.  

 

 

Thank you 

Ray 

 

 

3 Replies
Best you can do is leverage administrative units: https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units
As for restricting visibility to users in other branches, there is no perfect solution. Some UI bits will honor the admin units restrictions and not show users from other branches, but some other admin tools will, and so will clients, as by default everyone has read-only access to the directory.
Hi , thank for your hinks and after i explored the administrative-Unit at Office 365 admin center which is under Assign administrative unit-scoped administrators is unable to like ( Create new User \ Reset MFA ) not tally with the documents link explained.