0
votes

I am wondering whether it is possible to give users the ability to use certain cmdlets through PowerShell.

For example, the New-AzureADDirectorySetting cmdlet is generally only allowed to be used by global admins.

Is it possible to grant a certain user the ability to use that cmdlet or not? Or are there any other roles that can do this in Azure AD?

2
No, it's not possible to assign a certain permission to one specific PowerShell cmdlet for a user. - Wayne Yang

2 Answers

0
votes

You are thinking about this the other way around: there are a bunch of roles in Azure AD and you can assign them to a user. Once the user is assigned to a role, he can use certain cmdlets that are specific to the role.

You obviously have access to all the cmdlets on your machine, but if you do not have Azure AD rights assigned to you to execute the cmdlet, it will fail.

0
votes

RBAC (Role Based Access Control) is available in Azure.

You can read all about it here.

It's a good amount of work to set up but is the 'correct' solution for what you're trying to do.

You may also find one of the default roles contains suitable permissions so you don't need to spend time configuring your own.

Just so you're aware, the cmdlet will still be 'loaded' into PowerShell, but executing it without permissions will fail.
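
The role-based approach described in the answers above, as an added example that is not part of the original thread: it assigns one Azure AD directory role to one user with the AzureAD module and then lists every role that user holds, so the grant can be reviewed. The UPN and role name are placeholders, and the script assumes the caller is already allowed to manage role assignments.

```powershell
# Added example. Assumes the AzureAD module is installed and that the
# signed-in account may manage directory role assignments.
# $UserUpn and $RoleName are constructed placeholders, not values from the thread.
param(
    [string]$UserUpn  = 'user@contoso.example',
    [string]$RoleName = '<role display name>'
)

Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD | Out-Null

$user = Get-AzureADUser -ObjectId $UserUpn

# A directory role is only returned by Get-AzureADDirectoryRole once it has
# been activated from its template, so activate it if it is missing.
$role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $RoleName
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate |
        Where-Object DisplayName -eq $RoleName
    if (-not $template) { throw "No directory role template named '$RoleName'." }
    Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
    $role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $RoleName
}

# Add the user only if they are not already a member of the role.
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
if ($members.ObjectId -notcontains $user.ObjectId) {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId `
                                   -RefObjectId $user.ObjectId
}

# Review step: list every directory role the user now holds, so the grant
# can be compared against what the user actually needs.
Get-AzureADDirectoryRole | Where-Object {
    (Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId).ObjectId `
        -contains $user.ObjectId
} | Select-Object DisplayName, ObjectId
```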