Is anyone able to describe the process that occurs during password changes on-premises and how they are synced to Office 365?
In particular a customer is looking to force a lot of their users to reset their AD accounts by ticking the "User must change password at next login" check box. The issue they are having is that this seems to also be stopping users from logging into OWA and Outlook apps on their mobile devices. I was initially under the impression that Office 365 ignored this attribute until the password was changed in AD.
The thing I don't understand is that these users' passwords were already synced correctly, then the flag was set on the account. So using logic (probably not wise!) the user should be able to continue using the same, already synced password until they change it on-premises. If this is not the case, which it obviously isn't, I'd love to know why and what the actual process is.
When the on-prem AD account is set to "User must change password at next logon" and AD Connect doesn't sync the password, does this mean it actually removes the existing password for the linked Office 365 account?