When users reset their password through the sspr/password reset on Micorosft Online i.e. recover ther account, it isthen setting the flag in on-prem AD to force password change at next login. When the user logs in again to Office.com (for example) via ADFS, they are prompted to change their password again. Its then set correctly. How can I prevent this behaviour?
I have not encountered this behavior before and have not been able to find it as a configuration possibility, If you have an second installation of Azure AD Connect in staging mode, try and switch. im wondering if you have a on-premises gpo resulting in this behavior ? how long has this been going on ?