I understand that you are looking to set up independent environments within your Entra ID tenant so that users cannot see each other's information. There isn't an out-of-the-box way to set up completely segmented environments in one Microsoft Entra ID tenant. However, you could restrict access to users for viewing certain data through these options:
1)You can use the setting, Restrict access to Microsoft Entra administration portal to prevent standard users from viewing any Microsoft Entra ID data in the administrative portal. That said, this setting does not restrict access to the data by using PowerShell, Microsoft Graph API, or other clients such as Visual Studio. It also doesn't restrict access as long as a user is assigned a custom role (or any role).
2)You can set -UsersPermissionToReadOtherUsersEnabled to $false . This setting indicates whether to allow users to view the profile info of other users in their company. This setting is applied company-wide. Setting to $False to disables users' ability to use the Azure AD module for Windows PowerShell to access user information for their organization. However, the MSOL module is being deprecated soon. https://learn.microsoft.com/en-us/powershell/module/msonline/set-msolcompanysettings?view=azureadps-1.0
3)Ultimately the best way to isolate the users to different scopes would be to create multiple directories to keep them separated. If the users need to access the same applications, you can configure multi-tenant applications so that they would have access without being able to browse other user information.