Exploring the Group Writeback V2 feature (currently in Public Preview). This feature allows Azure AD Connect to sync Azure-based groups to AD on-premises.

High-Level Overview

Group Writeback

Individual Microsoft 365 groups may transformed to either a new Security, Mail-Enabled Security or Distribution Group.

Example

AAD Groups

AD Connect Writeback

Default Writeback

Enabling the below Security group for writeback will provision it to the nominated on-premises OU.

Security Group Writeback

AD Writeback

Microsoft 365 groups may also have their writeback type changed. In the example below the target group is changed from Distribution writeback to Security.

AAD Changing Writeback Kind

AD Changing Writeback Result

Further information

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-v2