Exploring the Group Writeback V2 feature (currently in Public Preview). This feature allows Azure AD Connect to sync Azure-based groups to AD on-premises.
High-Level Overview
Individual Microsoft 365 groups may transformed to either a new Security, Mail-Enabled Security or Distribution Group.
Example
Enabling the below Security group for writeback will provision it to the nominated on-premises OU.
Microsoft 365 groups may also have their writeback type changed. In the example below the target group is changed from Distribution writeback to Security.
Further information
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-v2