Windows LAPS Azure AD and Administrative Units
If you are looking for a way to granularly control access to LAPS local admin passwords, you should consider Azure Administrative Units.
How it works
You can collect users, groups and devices into a virtual container called an Administrative Unit (AU).
The membership type can be Assigned, but also Dynamic User or Dynamic Device.
In the AU you can add roles and administrators. All these assignments are effective only for the users, groups and devices in the Administrative Unit.
For example, a Cloud Device Administrator in the AU Switzerland can retrieve the LAPS password only for the devices that are in the AU Switzerland.
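The setup described above, scripted with the Microsoft Graph PowerShell SDK as an added example (not code from the original article). It covers assigned membership only; the device name and the user principal name are constructed placeholders, and the last step lists every assignment of the role so that a tenant-wide assignment, which would bypass the AU boundary, stands out.

```powershell
# Added example. Values marked "placeholder" are assumptions, not from the article.
# Requires the Microsoft.Graph PowerShell SDK and an account allowed to manage
# administrative units and directory role assignments.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
                        'RoleManagement.ReadWrite.Directory',
                        'Device.Read.All', 'User.Read.All'

# 1. Create the Administrative Unit (assigned membership).
$au = New-MgDirectoryAdministrativeUnit -DisplayName 'Switzerland' `
        -Description 'Devices whose LAPS passwords the Swiss admins may read'

# 2. Add a device to the AU. The reference uses the device's directory object id.
$device = Get-MgDevice -Filter "displayName eq 'CH-LAPTOP-001'" |   # placeholder name
          Select-Object -First 1
New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter @{
    '@odata.id' = "https://graph.microsoft.com/v1.0/devices/$($device.Id)"
}

# 3. Assign Cloud Device Administrator to a user, scoped to this AU only.
#    The scope is what limits LAPS password retrieval to the AU's devices.
$role  = Get-MgRoleManagementDirectoryRoleDefinition `
           -Filter "displayName eq 'Cloud Device Administrator'"
$admin = Get-MgUser -UserId 'admin.ch@example.com'                  # placeholder UPN
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $admin.Id `
    -RoleDefinitionId $role.Id `
    -DirectoryScopeId "/administrativeUnits/$($au.Id)"

# 4. Check: list all assignments of the role and flag tenant-wide ones.
#    DirectoryScopeId '/' means the whole tenant, not a single AU.
Get-MgRoleManagementDirectoryRoleAssignment -All `
    -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object PrincipalId, DirectoryScopeId,
        @{ Name = 'TenantWide'; Expression = { $_.DirectoryScopeId -eq '/' } }
```

Any principal that step 4 shows with `TenantWide = True` can read the LAPS password of every device, regardless of AU membership.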