Allow Security and Compliance Features to be scoped
Features such as ediscovery, legal holds and message tracking that have moved into the security and compliance center are not able to be scoped. i.e. delegated admins can search all mailboxes instead of the mailboxes within the domains that they have access to.
Please, check the following as I guess this is what you are looking for: https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-compliance-boundaries
In today's security environment how can you NOT provide delegated admin? What's the choice - give everyone access to everything, or have your topmost admins do every single ticket? This should not have been rolled out without this in place.