We have an internal site for users to access, a document library with a top-level departmental folder and subfolders for each department. Single site, not creating additional sites for departments as there is no need, just a single site with a communications site as a link aggregator which allows users to easily find the document repository, access it via web, SharePoint or OneDrive.
We've created Office 365 Security groups, added users to them. Users, all of the same site domain in Azure AD, after being added to the groups, the groups are applied to the folders.
Users then access the SharePoint Online site - and they can't see the folders or the folder contents.
Here is where the problem arises - they can only see them when they are added, individually, to the folder, not when only the group they are a member of is added to the folder. If you look at the resulting permissions when a user is in a group, SharePoint reports no access (other than the default SharePoint groups). When you add the individual, they have access.
We don't want to manage individuals at a folder level, don't want to create separate SP groups, can't have a single site with a single set of top-down permissions, can't keep propagating sites for every department. Simple ask - administer users in groups, nest groups if needed, provide group-level access to folders, enable users to access resources.
Does SharePoint allow users to access resources when they are part of an Azure AD group of any kind, or must they be added individually?