Provide Role Based Access Controls (RBAC) in the AIP Admin console
Provide a granular delegation model for administration of AIP configuration
We need rbac - We have many countries with each country manages themselves, We don’t have RBAC to split by scan policy so each has their own scan policy and can’t have them manage each other.
One of my customer have many different agencies who work independently. However they are part of the same Azure/O365 Tenants and would like to use AIP/O365 DLP individually on their own for different agencies. They are separated by domain and OUs.
We understand that you must be a Global Admin to configure and activate policy elements for AIP. We prefer to constrain the number of AAD GAs but want to proceed with AIP proof of concept and pilot, using production O365/AAD and real domain user interation, and not expose full GA entitlements to the resources handling portal configs.