Having a very interesting problem with our environment
For several months now our default domain policy, which controllers the password policy on our network, has begun reverting to incorrect settings.
If we modify the policy to specify the correct settings, as soon as the policy tries to replicate to our Azure based DCs the settings revert back to the incorrect settings.
No problems are encountered with other domain controllers. Auditing on the policy shows that only the three Azure based DCs ever change the policy, and it is always random which one causes the change. The account that reverts the policy to the incorrect settings is always NT Authority\System
No cause has been found to explain the policy changing on its own and this started over the weekend a few months ago. We have ruled out any 3rd party software that could be causing the change and have a case open with Microsoft to assist us with the issue but so far we have no found a solution.
Any ideas are appreciated