Hello,
In our tenancy we have both domain synced and native (on.microsoft.com) accounts. The on.microsoft.com accounts should only have access to one site collection.
Some of our content on the all site collections should be accessible by all internal users, that is all synced accounts but not native accounts.
To prevent access by the native accounts, I have hidden the groups
Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false
Set-SPOTenant -ShowEveryoneClaim $false
Set-SPOTenant -ShowAllUsersClaim $false
But this leaves a problem we have a couple of domains and I need a way to grant all synced users access to certain content. I have tried creating a universal group and adding the domain users group from both domains. I understand now that Office 365 does not sync domain users so this does not work.
So I guess there are two questions here
1. Is there anyway to restrict the native accounts on a site collection, if so I could allow the everyone but external users group back again.
2. Failing the above, does anyone know of a way I can create an AD group that will work.
many thanks
Laura