Hi @Ed · Thank you for reaching out.
Yes, you are on correct path.
Enabling EnforceCloudPasswordPolicyForPasswordSyncedUsers will remove password never expires policy in Azure. If you have some specific synced users with non-expiring passwords in Azure AD, you need to use below cmdlet:
Set-AzureADUser -ObjectID <User Object ID> -PasswordPolicies "DisablePasswordExpiration"
Matching Azure AD and On-premises AD password expiration policy and password writeback ensures consistency between both environments for Password Expiry.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.