When applying a license to an Office 365 user that has been synced via Azure AD Connect from on premises Active Directory, a mailbox will be created that cannot be managed using the Office 365/Exchange Online Admin portal, or via the on premises Exchange management tools.

This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory.

The operation on mailbox "Username" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'EmailAddresses', can't be performed on the object 'Username' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

The operation on mailbox "Username" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'Username' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

When directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises. This is not due to the hybrid configuration, but it occurs because of directory synchronization.

Remove the Office 365 license from the user in the Office 365 Admin portal:
https://admin.microsoft.com/AdminPortal/Home#/users

Delete the account in the on premises Active Directory

Force a sync of Azure AD Connect:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

Purge the deleted account from Azure AD:

Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID
Remove-MsolUser -ObjectId <Object Id> -RemoveFromRecycleBin -Force

Remove the mailbox from Exchange Online, which may require the SoftDeletedMailbox flag:

Get-Mailbox -Identity user@domain.com -SoftDeletedMailbox | Remove-Mailbox -PermanentlyDelete -Force
Get-Mailbox -Identity user@domain.com | Remove-Mailbox -PermanentlyDelete -Force

https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
Customers with a hybrid configuration often find after a period of time that all of their mailboxes have been moved to Exchange Online. At this point, they may decide to remove the Exchange servers from on-premises. However, they discover that they can no longer manage their cloud mailboxes.

When directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises. This is not due to the hybrid configuration, but it occurs because of directory synchronization.


https://blogs.technet.microsoft.com/exchange/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment/
Organizations that have configured a hybrid deployment for mailbox management and hybrid feature support have also configured Office 365 Active Directory synchronization (DirSync) for user and identity management. For organizations intending on keeping DirSync in place and continuing to manage user accounts from the on-premises organization, we recommend not removing the last Exchange 2010 server from the on-premises organization. If the last Exchange server is removed, you cannot make changes to the mailbox object in Exchange Online because the source of authority is defined as on-premises. The source of authority refers to the location where Active Directory directory service objects, such as users and groups, are mastered (an original source that defines copies of an object) in a hybrid deployment.

https://support.microsoft.com/kb/2619062
You want to manage objects in Office 365, Azure, or Intune and you no longer want to use directory synchronization.

Set-MsolDirSyncEnabled –EnableDirSync $false