@jase jackson USA
Thank you for your post!
You should be able to accomplish these tasks by using Azure Role Based Access Control (RBAC). Azure RBAC helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. You can enable Azure RBAC at the management group, subscription, resource group, or resource level.
When it comes to denying your tenant admin rights, you can easily do so by using Azure deny assignments.
Please let me know if you have any other questions.
Thank you for your time and patience!
Additional Links:
List Azure role assignments using the Azure portal