In order to manage Azure AD, we use Azure Active Directory option in https://portal.azure.com. By default, any user under Azure AD can access this option event they do not have a Directory role. In my demo setup, I have a user called "Emily Braun". She doesn't have any Directory role assigned.
Then I log in to Azure portal https://portal.azure.com as the user and then go to Azure Active Directory option. It didn't block me accessing it.
I can go to All users and see user account details.
I even can see the Groups memberships details.
Also, can view application assignments.
As an end user I also can see the Azure AD Connect details.
[Read more…] about Step-by-Step Guide to Restrict Azure AD Administration portal