In our environment, we create the e-mail distribution lists in Active Directory and they are then synchronized to Office 365 Exchange via AAD Connect.  Therefore, management of distribution lists is done in Active Directory (adding/removing members, setting restrictions, etc.)  The exception is that Send As permissions are set in O365 (not Active Directory).

Below are some distribution list configuration examples.

Hide a distribution group from the address list.

1. In Active Directory, set the msExchHideFromAddressLists attribute on the distribution list object to TRUE.
2. The box next to Hide this group from address lists will be checked after the next synchronization.

Restrict who can send to a distribution group.

1. In Active Directory, select the distribution group to which access will be restricted. Populate the dlMemSubmitPerms attribute with the name of the group that will be allowed to send to the distribution group.  (Initially use LDP or PowerShell.  Once the field has been populated, it can be modified via the ADUC.)  Use the authOrig attribute for individual user accounts.
2. The “allowed” group will be shown on the delivery management page after synchronization.
3. When a non-allowed internal user tries to send to the distribution group, they will see a note that they do not have permissions to send to the group or will get a bounce-back message.
4. When a non-allowed external user tried to send to the distribution group, they will get a bounce back message.

Add send as permissions.

1. In O365, navigate to the Exchange Admin Center.  Select the distribution group, click Edit and select the Group Delegation page.
2. Click the plus sign (+) and select the user(s) who will have access to send as the group e-mail address.  Click Save.