We're getting ready to go live with Azure AD Password Protection. I have some questions related to rollout strategy. It seems as if this feature is either on or off, there's not really a great way for a phased deployment (other than installing on just a subset of Domain Controllers). But that isn't a great option since you can't control which DC a user gets directed to for a password change.
Our on-premise Group Policy for password complexity is as follows:
- Cannot contain name and/or username
- 8 character minimum
- Must use 3 of the following 4 requirements
  - Uppercase letters
  - Lowercase letters
  - Base 10 digit
  - Special character
- Password age limit = 105 days (at which point they must change their password)
We would like to change our policy as follows (everything not listed below will remain the same as what's listed above):
- 10 character minimum
- Must use 4 of 4 requirements (upper, lower, base 10, special char)
- Password age limit = 0 (passwords no longer expire, per recommendation from Microsoft)
We currently have AADPP enabled in Audit Only mode. Once we flip the switch to Enforce, what can we expect? Will users with weak and/or banned passwords be prompted to change their password immediately? Since we are changing from "Passwords expire every 105 days" to "Passwords never expire", how can we effectively roll this feature out to the masses, and get them to set a stronger password?
We need this to have as little disruption as possible because, as we all know, updating your password can be a disruptive event, especially for a mobile workforce.
The documentation doesn't really have much guidance on what to expect once you go live, and doesn't give any recommendations on how to enable the feature while switching the on-premise group policy to no longer expire passwords. Do you have any guidance or suggestions to help with this?
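One way to stage the change described above, added here as an example and not taken from the original post or from Microsoft's documentation: once MaxPasswordAge is set to 0, nobody is forced to rotate, so the script below flags users whose password predates the policy change for a change at next logon, one wave at a time. It assumes the RSAT ActiveDirectory module; the 105-day cutoff, the wave size and the use of -WhatIf as a dry run are illustrative choices.

```powershell
# Added example: phased forced password change after moving to "never expire".
# Assumptions (not from the original post): RSAT ActiveDirectory module present,
# 105-day cutoff mirrors the old maximum age, wave size of 50 is arbitrary.
Import-Module ActiveDirectory

$Cutoff    = (Get-Date).AddDays(-105)   # passwords set before the policy change
$BatchSize = 50                         # users per wave; tune to helpdesk capacity
$Wave      = 1                          # which wave this run flags

# Enabled users whose password was last set before the cutoff. Accounts with
# PasswordNeverExpires set are skipped because Set-ADUser refuses to flag them,
# and accounts already flagged (pwdLastSet = 0) are skipped to avoid double work.
$Candidates = Get-ADUser -Filter { Enabled -eq $true } `
    -Properties PasswordLastSet, pwdLastSet, PasswordNeverExpires |
    Where-Object {
        -not $_.PasswordNeverExpires -and
        $_.pwdLastSet -ne 0 -and
        $_.PasswordLastSet -and
        $_.PasswordLastSet -lt $Cutoff
    } |
    Sort-Object PasswordLastSet            # oldest passwords go in the first wave

$Selected = $Candidates |
    Select-Object -Skip (($Wave - 1) * $BatchSize) -First $BatchSize

foreach ($User in $Selected) {
    # ChangePasswordAtLogon sets pwdLastSet to 0; the user is prompted at the next
    # interactive logon and, with Password Protection in Enforce mode, the new
    # password must pass the banned-password check on top of the GPO rules.
    Set-ADUser -Identity $User.SamAccountName -ChangePasswordAtLogon $true -WhatIf
}

"Wave {0}: {1} of {2} candidates flagged" -f $Wave, $Selected.Count, $Candidates.Count
```

Remove -WhatIf and increment $Wave for each run; remote users only see the prompt when they next authenticate against a domain controller, so re-query pwdLastSet before starting the next wave to confirm the previous one completed.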