What is the password expiration policy set to on-prem?
This is what the setting changes:
EnforceCloudPasswordPolicyForPasswordSyncedUsers
And really, that should have been set before PHS, and ensure the Azure AD and on-prem policies match if you do enable it.
I would actually do step 3 first.
Note that in step 2, this could cause a large number of users to get prompted to reset their passwords.