Password Expiry tool for WVD?

Are you using a Domain Controller with AD connect or AADDS to sync your identities?

I'm assuming a normal Domain Controller since you  mentioned your service desk manually resetting the passwords.

The problem is that the expiration policy isn't synced from AD to AzureAD. But if you have at least an AzureAD tenant with a P1 license then you can set an Expiration Policy on AzureAD and have it sync back the passwords when they are changed to AD with the Writeback setting.   Just make sure to disable the Expiration Policy on the regular AD.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

If you don't want to change the on-prem policy then I believe Passthrough authentication (passwords are checked on your on-prem AD instead of AzureAD and are subject to local policies) can help here as well. You also need a valid license for doing Self Service Password Reset :

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq#what-happens-if-my-users-password-has-expired-and-they-try-to-sign-in-by-using-pass-through-authentication