I am a little bit confused when it comes to password policies with hybrid identities: currently Pass-Through Authentication and PHS are in place and we are planning for SSPR. There is a domain password policy for all and a fine-grained password policy for a group of users. Password writeback is enabed and working. If a user changes their password from Office 365, will these policies be enforced? I see options in Azure AD which control smart lockout and lockout duration - which policy is the effective one when there are conflicting domain password policies? Where in Azure AD are the password complexity requirements and minimum password length set? I would be grateful if someone points me to an article or documentation which explains this in hybrid environments.