It's simple,
just match the UPN and Proxy-Address
If your cloud only user has this setting: Marco.Schiavon@yourdomain.com as login account and you have additional email addresses like m.schiavon@yourdomain.com
Now you need to create the user on prem and match them trought the UPN .
When the sync occur the "identity source" will from cloud to on prem.
To do this, create an AD user that match the login/primary address of the cloud with your UPN.
In my example you will need an AD account like this:
UPN: Marco.Schiavon@yourdomain.com
Into AD Attribute Editor add the proxy address like this:
SMTP:Marco.Schiavon@yourdomain.com <<= SMTP UPPERCASE= Primary address
smtp:m.schiavon@yourdomain.com <<= SMTP lowercsase= aliases address
Marco.