Azure AD Connect Sync Tool - Allow sync by selecting specific AD Groups - Not by OU
We are using the Azure AD Connect sync tool and would like to be able to synchronize a selection of on-premises AD security groups. This would allow us the ability to create a set of Azure groups on-premises that we add users to and specifically grant access to our Azure AD. Then in Azure we can set those permissions to Azure resources as needed. This allows us to add and remove users on-prem easily and synchronize ONLY those users we want to have access to Azure. This keeps our Azure AD clean and relevant. The current tool only allows this at the OU level. Users must exist in an OU along with the group. In the tool's configuration you must choose that specific OU to sync.
Azure Power Users etc.
The tool appears to support this but it in fact doesn't work properly. I hope a MS representative sees this post and investigates this request.