Hi, it's applied to ALL users in the Azure tenant - including synced ones.
I assume you are also syncing password hashes from on-prem.
When a password is changed or reset for any user in an Azure AD tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Azure AD customers.
Yes, if the change is being made in Azure, it will apply.