@Rusnak, Alan Thank you for reaching out to us, As I understand you are looking for steps to modify the privileges for Global Administrator role (in-built Azure AD).
Its not possible to modify in-built Azure AD roles, however we have custom role permissions options where you can create the custom role - https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-available-permissions
In the above question you also mentioned you want to remove the ability for Global Administrators to delete the Azure Audit Logs - we don't have an option to delete the Azure AD logs from the portal, however we have logs stored in Azure AD for 30 days - How long does Azure AD store the data?
Refer to this article on how to retain Azure AD logs for long-term use or integrate it with third-party Security Information and Event Management (SIEM) tools to gain insights into your environment. - https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.