Hiya, 2 ideas here

Idea 1 - Group Managers permissions

A limitation I don't like with Endpoint Central is that you have to be an admin to update groups.

For example, in our environment, we don't want our Desktop Engineers to be able to deploy to servers. The only way we found to ensure that doesn't happen is to have separate "Remote Offices" for servers and computers and grant our Desktop Engineers only the options to deploy to those laptop offices. Which works great, except you then can't give the Desktop Engineers the ability to add machines or users into groups for deployments and it requires full administrator permissions to the application. We are a hybrid entity, so some Azure machines (BYOD type with no domain access), some domain joined, which means we can't use AD groups to target all of our devices.

Similar to Active Directory, you don't have to be a domain admin to add users/computers to groups. 

I appreciate I'm oversimplifying it, but if there was a specific role called "Group Manager" or something that would allow certain individuals to update groups, but without giving them permissions to deploy software to servers. That would be fantastic, at least for us.

Idea 2 - Quick Group add option, in the context menus for devices, would it be possible to add an "Add to group" option, it would save having to browse away from the device list I'm in at the time to add 1 machine to a group. For non-dynamic groups obviously.