When enabling EOP (Exchange Online Protection) the administrator is able to configure the mail flow to accept all messages from any given domain and then forward to the on-premises environment, or validate if the recipient is valid at Office365 and only the valid messages will be send through the connector to the on-premises environment. Both scenarios are valid and configured at accepted domain level in Exchange Online.
The ideal scenario is to be more restrictive at EOP/Office 365 level, however that can be done if the directory synchronization between on-premises and Office365/Azure is working properly. In some cases, especially when it is a new configuration the administrator may want to relax that filtering and allow all traffic to that specific domain to go through.
Using Exchange Admin Center, the administrator can define the domain to be either Internal Relay (it will allow all traffic to that domain to go through) or Authoritative (where only if the user exists in Office365 will allow the message to go through).
How to configure it? That’s a piece of cake, logged on Exchange Admin Center, click on mail flow (Item 1), click on Accepted domains (Item 2), then double click on the desired domain (item 3), and finally change the domain type (item 4). Save it, and wait a little bit for the changes to take effect.