Hello @Jeremy Cornwell ,
Thanks for reaching out.
Are you attempting to match/merge individual user accounts in On-premises and Azure AD based on UPN? If this is the case, you do not need to create any inbound transformation rules in the Azure AD connect sync tool; instead, you may utilize the soft match feature to match users accounts when their UPN or SMTP match across objects in the cloud and on-premises.
To learn more about Hard-match vs Soft-match, refer following links. Please help me in better understanding if I have missed something. Thanks
Hope this was helpful.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.