Environment: Exchange Online (Microsoft 365).
We need to allow some administrators to manage only a subset of all mailboxes.
The mailboxes can be selected using a recipient filter, so this can be achieved using a management scope. This works as expected: they can't modify anything outside their write scope.
However, they are still able to read all information and settings about all mailboxes in the environment.
Is it possible to limit the read scope of a management role?