Hi everyone, 

We recently have migrated from an on-prem file share to SPO having used SPMT. Having kept file share permissions and enabled Azure AD lookup, everything migrated well but due to the fact that lots of the documents have been transferred interdepartmentally and then uploaded to different directories I do not want documents linked to the original users as they should not be presented with even the acknowledgment of Document Libraries which they are not given group access to.

What my question is - is there a way to circumvent this? The document permissions migrated over result in the user getting limited access to the document but because it is not their respective department and they do not have rights to the library they do not see the contents but do see the library in their Quick Launch. To lessen any confusion we'd like to make sure the document libraries' that the user does not have top level access to aren't shown.

I know that stripping all of the limited access rights to extraneous users would work but that would require reporting on every piece of data that has given rights to someone with scope outside of that department. Is there a way of limiting the user to only see DLs that they have direct access to through group permissions to the top level? As far as I am aware item-level permissions would not be a solution for this.