I can appreciate the 365 ecosystem has made decent strides in what access roles can be granted to users in a tenant. I'm looking for some assistance with assigning the correct custom roles to achieve the following:
- Grant a user/s access to amend members of a distribution group - as well as add or remove Owners
- Grant the same user/s access to amend contact information for user accounts in the tenant
These admins must not be able to access anyone else's mailbox - in other words, they can't be allowed to reset passwords. We're also looking to restrict these admins from being able to view/access other areas of the tenant. They're only allowed to perform the tasks listed above.
It seems that adding Groups Admin permissions is a step in some sort of direction, but what else is missing?
Thanks in advance!