Limiting 365 Admin Access

New Contributor



Can we grant system admin access within the 365 console to only specific domains and sites? Where can I read more on this?



2 Replies
No, not really. You can limit *some* functionality by leveraging the Administrative units feature:
They are however only supported in the M365 AC/Azure AD blade and don't allow all actions/roles. For some of the other admin endpoints you can use workload-specific controls (such as the RBAC model in Exchange), but if you need a robust solution, your best bet is a third-party "portal replacement" type of product.
I work at a company with thousands of employees across to globe. All countries have their own domain name (;;, etc) They are split up in AD and I only have access to US and handful of other countries. Surely 365 is able to limit access in the same way?