Hello @LiorFrumat-5743 ,
Group based filtering in Azure AD connect can be set during the first time when AzureAD connect is installed by using custom installation option. It is generally provided for a one-time use for testing pilot deployment and syncing a set of users before full on-boarding to azure AD . If you have used it once and disabled it , you will not be able to use it again as per design. Its not a supported option to use group-based filtering in a custom configuration. The better way is to use negative filtering and configure attribute based filtering.
So Ideally in the on-premise environment you would have to define any extensionattribute1-15 on the user object and provide it a specific string value like Blocksync* or anything which you like. Now when the Azure AD connect will import the user form local Active directory , it will check as per the filtering rule if the extension attribute you have defined in the rule has a value of Blocksync and if it has the object will not be imported in the local AD connector space and hence will not be further sent to azure AD .
I have provided some links which are related to this and I would strongly suggest you to go through them. If the information provided helps , please do accept the post as answer so that it can help other members of the community . Should you have any further query , please feel free to let us know and we will be happy to help .
Thank you.