While not being able to accept or deny messages in hybrid scenario was solved in earlier post, now that people could approve posts they were getting an error message:
Microsoft Exchange Approval Assistant ([email protected])
Your message couldn't be delivered because delivery to this address is restricted to authenticated senders. If the problem continues, please contact your email admin.
Diagnostic information for administrators:
Generating server: Exchange
Remote Server returned ‘550 5.7.134 RESOLVER.RST.SenderNotAuthenticatedForMailbox; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this mailbox'
Original message headers:
Is seems that for everything to work fine Azure AD Connect has to synchronize Microsoft Exchange System Objects with all the special Exchange mailboxes. If you've custom Azure AD Connect installation you may need to take a look if you've included that into sync.
If that didn't help there is one more step that may need to be done. We need to cheat Exchange Online into sending approval messages to On-Premise Exchange. To do that we need to create Mail Contact on Office 365. For that you just need Display Name, Alias and Email Address. Only email address is required to be as is. Rest is up to you.
Please note that SMTP: in External email address will be added automatically by Exchange so you can skip it.
After that email approvals will work just fine. To be honest it's something I would expect to be really well documented or even automated process. Keep in mind you may need to give it some time for syncs to happen and be applied correctly.