Restrict access for AD to AD Azure synced user to Office 365


Hi,

I want to restrict access for AD to Azure AD synced users without disabling their account.

I have set their logon hours to "Logon Denied" see attached.

After a sync, the user can still access Office 365.

Should this be the case?

If so, how can I restrict leavers from accessing cloud services after they have left the organisation without disabling their account?

PS. If we change their password, they are set up with password reset.

Thank you,

Ollie

2 Replies

Azure AD / O365 does not 'understand' Logon Hours or (Password) Expired accounts. You need to disable the account, or configure custom sync rules in Azure AD Connect to get the desired effect.

Optionally, you could move the users to an out of sync OU, that way they'd be deleted from O365 but still be active in local AD.

Block a former employee's access to Office 365 data

IMPORTANT: Blocking an account can take up to 24 hours to take effect. If you need to immediately prevent a user's sign-in access, you should reset their password and then initiate a one-time event that will sign them out of Office 365 sessions across all devices. See Sign out now!

To block a user from signing in and accessing Office 365 data:

  1. Go to the Office 365 admin center.

  2. In the Office 365 admin center, select Users.

  3. Select the employee that you want to block, and then choose Edit next to Sign-in status in the user pane.

  4. On the Sign-in status pane, choose Sign-in blocked and then Save.

Note: You can also block a former employee's access to email (Exchange Online).
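The same block-and-sign-out sequence from the command line, as an added example that is not part of this thread or of Microsoft's documentation. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can consent to the listed scopes, and uses a placeholder UPN and a function name chosen for illustration.

```powershell
# Added example (not from the thread): block cloud sign-in for a leaver and
# invalidate existing sessions. Function name and UPN are placeholders.
function Block-LeaverCloudAccess {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Update-MgUser needs User.ReadWrite.All; Revoke-MgUserSignInSession needs
    # User.RevokeSessions.All (scopes as documented for these cmdlets).
    Connect-MgGraph -Scopes 'User.ReadWrite.All', 'User.RevokeSessions.All'

    $user = Get-MgUser -UserId $UserPrincipalName `
        -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled
    Write-Host "Before: AccountEnabled=$($user.AccountEnabled) OnPremisesSyncEnabled=$($user.OnPremisesSyncEnabled)"

    # Step 1: the equivalent of choosing "Sign-in blocked" in the admin center.
    # As with the portal action, enforcement is not instantaneous everywhere.
    Update-MgUser -UserId $user.Id -AccountEnabled:$false

    # Step 2: the "sign out now" event: revoke refresh tokens so sessions on
    # all devices must re-authenticate, which the blocked account then fails.
    Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

    # Step 3: verify the flag actually changed rather than assuming it did.
    $after = Get-MgUser -UserId $user.Id -Property AccountEnabled
    if ($after.AccountEnabled) {
        throw "Sign-in block for $UserPrincipalName did not apply."
    }

    # A directory-synced user's password is reset in local AD, not here.
    if ($user.OnPremisesSyncEnabled) {
        Write-Warning "$UserPrincipalName is synced from on-premises AD; reset the password in local AD as well."
    }
    return $after.AccountEnabled   # $false once the block is in place
}

Block-LeaverCloudAccess -UserPrincipalName 'leaver@example.com'
```

Run it with the leaver's UPN; the final Get-MgUser check makes the script fail loudly if the block did not take.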