azure active directory role
I have a scenario where azure active directory users login to fronend app and will be able to handle user administration using graph apis. These users will not having access to subscription/resources these users are access to only Azure AD who can update/create/delete usrs/profiles. To achieve those actions users should have user admin directory role. But the issue here is these users can login to azure portal and have admin assess to all users. For ex: if I have few applications where users are different i can manage from frontend app and business logic to show only users to related to those app but if these users are logging in to the portal then they will be able to access all the users.
Currently there an option to block no-admin users but i didn't find any non admin role who can update their profile so that we can block them atleast to have access in azure portal.
Basically what we need is user should be able to access azure ad including admin related but should have an option to avoid portal access.
Valid feedback. Open for customer upvotes