When a user changes a password online (from Office 365) and Pass-Through authentication is enabled the password is actually changed on the on-premises Active Directory and the local password policy applies.
Do you have any compliance policies setup in Intune ? They can enforce password policies.