Medium to large corporations often find themselves having multiple domains attached to a single Office 365 / Azure AD tenant; often each domain represents a subsidiary or group with their own local administrators. While Office 365 / Azure AD provides Role Based Access Control (RBAC), this is applied horizontally across the tenant. For example, a Global Administrator or a Billing Administrator can manage those privileges against the entire tenant, but not across a specific set of users (say, users, belonging to a specific domain).
The Work 365 Admin addresses this issue by providing organizations with the ability to delegate administrative control by domain and/or user groups (coming soon). Use delegated administration to assign limited admin privileges to users in your organization who are administrators at the local level but not at the global level.
Suppose, your Active Directory has multiple domains, say, fabrikam.in, fabrikam.com, fabrikam.uk & fabrikam.eu. Now with Work 365 Admin, you can easily delegate administration privileges to a user (email@example.com) for a domain (fabrikam.in). Note that firstname.lastname@example.org won’t have any administrative privileges over other domains (fabrikam.com, fabrikam.eu, etc)