Someone might have already suggested this, but, as an interim solution, you can set your IT users up as "Monitor" users in the LEM Console and modify their filter set according to what you do and don't want them to see. For more information, check out the following KB article:
As you're setting up those users' filters, consider deleting all of their filters except for the "All Alerts" filter, and then modifying their "All Alerts" filter to show only the alerts from their devices, etc. REMEMBER, as stated in the KB article, you'll have to do all of this on the user's computer, logged into their Windows profile.
I hope this helps for now. Let me know if you have any questions.
Just wanted to mention that in addition to Phil's comment about using Monitor to accomplish this for real-time data, we have also received this request for searches (as it stands, Monitor users cannot perform searches) and other data access. We'll continue to keep an eye on that and will probably have questions for customers like yourselves when it comes time to look at implementing that feature.