As an MSP like many others we offer Huntress as a managed service as well as a reseller product clients self managed. We need them to be able to set their own VPN/location rules as they are the most aware of all their staff's travel plans and are more than capable of setting up rules for these. More and more we are finding "Organization level admins" aren't really able to perform all the tasks they need and are penalized/restricted, requiring them to submit requests for us to handle. Currently, the distinction between admin and security engineer is blurry, these are some of the things an admin should be allowed to do.
