Our organization is looking to implement on-premises Active Directory as a single source of authority for account management. We currently have two separate accounts for each user. One account is in Azure and logs them into our services within M365.
Another separate account logs them into our on-premises domain and local applications that are not in the cloud. We have installed AD sync and have tested with a few users, and it seems to be working. What we are struggling with is password sync: the current Azure password expiration policy is set to 365 days, while the on-premises policy is set to 120 days. When a customer calls in with a password change request, the service desk changes both to keep them in sync.
My question is: if we sync all on-premises users to Azure AD, will the cloud password policy still come into play? My thought is that it won't, but I'm looking for confirmation from someone who may have done this. If I turn off password expiration in the cloud, does that automatically lock in the existing passwords, and when we sync the on-premises accounts, will those passwords become the authoritative passwords and allow access to M365 services?
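As an added, read-only audit (not part of the original post), the following Microsoft Graph PowerShell script reports the cloud password validity period per verified domain and which directory-synced users carry the DisablePasswordExpiration policy, so an admin can see whether the cloud expiry actually applies to synced accounts before changing anything. It assumes the Microsoft.Graph SDK modules are installed and an account with Domain.Read.All and User.Read.All; the feature check via Get-MgDirectoryOnPremiseSynchronization is an assumption about the installed SDK version and is guarded.

```powershell
# Added example: audit cloud password-expiration state for AD-synced users. Read-only.
# Assumes the Microsoft.Graph PowerShell SDK is installed (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "Domain.Read.All","User.Read.All" -NoWelcome

# 1. Cloud password policy per verified domain.
#    PasswordValidityPeriodInDays of 2147483647 means "never expires"; the tenant default is 90.
Get-MgDomain -Property Id,IsVerified,PasswordValidityPeriodInDays,PasswordNotificationWindowInDays |
    Where-Object IsVerified |
    Select-Object Id, PasswordValidityPeriodInDays, PasswordNotificationWindowInDays |
    Format-Table -AutoSize

# 2. Does the tenant enforce the cloud policy on synced users at all?
#    Users created by Azure AD Connect with password hash sync are normally stamped with
#    PasswordPolicies = DisablePasswordExpiration, so cloud expiry is ignored for them unless the
#    EnforceCloudPasswordPolicyForPasswordSyncedUsers feature is enabled. Cmdlet/property name
#    below is an assumption about the installed SDK version, hence the try/catch.
try {
    $sync = Get-MgDirectoryOnPremiseSynchronization -ErrorAction Stop
    "Cloud password policy enforced for synced users: $($sync.Features.CloudPasswordPolicyForPasswordSyncedUsersEnabled)"
} catch {
    "Could not read sync features (need OnPremDirectorySynchronization.Read.All or a newer SDK): $($_.Exception.Message)"
}

# 3. Per-user view: synced accounts and whether cloud expiration is disabled on each.
$synced = Get-MgUser -All -Filter "onPremisesSyncEnabled eq true" `
    -Property UserPrincipalName,PasswordPolicies,OnPremisesSyncEnabled,LastPasswordChangeDateTime

$report = foreach ($u in $synced) {
    [pscustomobject]@{
        UserPrincipalName   = $u.UserPrincipalName
        CloudExpiryDisabled = [bool]($u.PasswordPolicies -match 'DisablePasswordExpiration')
        LastPasswordChange  = $u.LastPasswordChangeDateTime
    }
}
$report | Sort-Object CloudExpiryDisabled, UserPrincipalName | Format-Table -AutoSize

# 4. Summary: synced accounts that would still be expired by the cloud policy.
$subject = @($report | Where-Object { -not $_.CloudExpiryDisabled }).Count
"Synced users still subject to cloud password expiration: $subject of $($report.Count)"
```

Run it once before and once after the sync cutover to confirm that the on-premises 120-day policy, not the cloud 365-day policy, is the one governing synced accounts.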