I have a number of users who have recently transitioned to Azure-joined devices and are authenticating directly through AAD, though their accounts originated in on-prem AD. When their passwords expire, they aren't getting a notification but are finding out when certain on-prem services aren't connecting. We are using AD Sync and it's going both ways, AAD to OP and OP to AAD.
I guess my question is twofold:
Is it possible that AD is still expiring the password and if not, where can I find where it is expiring?
Is there any way to turn on expiration notification for Azure AD users?
Passwords are so not 2022. You have just opened a can of worms :) I would suggest you read the blog post that I have created in the past. Google the following "Comply your AD password expiration policy with Azure AD." That should help you.
I am not a fan of password expiration policies; I am more the type of administrator that prefers password-less authentication and sets the password expiration policy to "never."
By default, AAD uses a password expiration of 90 days. You can see the setting by browsing the admin center > settings > org settings > security & privacy > Password expiration policy.
There are enough online scripts that could help you send an e-mail to a user whose password expires. Hint: use the following Google search term: Password-Expiration-Notifications.ps1
Good luck, and if you have any other questions, shoot ;)
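An added example, not part of this thread and not the script or blog post the answer refers to: one way to check whether on-prem AD is the side expiring a password is to read the constructed attribute `msDS-UserPasswordExpiryTimeComputed` and classify each account, which also gives the list a notification job would mail. The function name, its parameters and the sample accounts are assumptions made for illustration.

```powershell
# Added example. Classifies accounts by on-prem AD password expiry.
# Input objects need SamAccountName and msDS-UserPasswordExpiryTimeComputed
# (a FILETIME stored as Int64), as returned by Get-ADUser for that property.
function Get-PasswordExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [int]$WarnDays = 14,              # assumed warning window
        [datetime]$Now = (Get-Date)
    )
    process {
        $raw = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        # Int64.MaxValue: password never expires (flag set or no max age).
        # 0: pwdLastSet is 0, i.e. "must change at next logon".
        # Neither is a valid FILETIME, so FromFileTimeUtc would throw on them.
        if ($raw -eq [int64]::MaxValue) { $status = 'NeverExpires' }
        elseif ($raw -le 0)             { $status = 'MustChangeAtNextLogon' }
        else {
            $expires = [datetime]::FromFileTimeUtc($raw)
            $days = ($expires - $Now.ToUniversalTime()).TotalDays
            if     ($days -lt 0)         { $status = 'Expired' }
            elseif ($days -le $WarnDays) { $status = 'ExpiringSoon' }
            else                         { $status = 'OK' }
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            ExpiresUtc     = $expires
            Status         = $status
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$now  = [datetime]::new(2024, 1, 10, 0, 0, 0, [DateTimeKind]::Utc)
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; $attr = $now.AddDays(5).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';   $attr = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'carol'; $attr = $now.AddDays(60).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc01'; $attr = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'dave';  $attr = [int64]0 }
)
$sample | Get-PasswordExpiryStatus -Now $now | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties $attr | Get-PasswordExpiryStatus
```

With the constructed data, alice is reported as ExpiringSoon, bob as Expired, carol as OK, svc01 as NeverExpires and dave as MustChangeAtNextLogon.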