Limiting 365 Admin Access

New Contributor

Hi,

 

Can we grant system admin access within the 365 console to only specific domains and sites? Where can I read more on this?

 

Thanks

2 Replies
No, not really. You can limit *some* functionality by leveraging the Administrative units feature: https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units
They are however only supported in the M365 AC/Azure AD blade and don't allow all actions/roles. For some of the other admin endpoints you can use workload-specific controls (such as the RBAC model in Exchange), but if you need a robust solution, your best bet is a third-party "portal replacement" type of product.
I work at a company with thousands of employees across to globe. All countries have their own domain name (company.us; company.de; company.tw, etc) They are split up in AD and I only have access to US and handful of other countries. Surely 365 is able to limit access in the same way?
Thanks.