@IAMUser You might need to enable EnforceCloudPasswordPolicyForPasswordSyncedUsers, that would enforce cloud password policy on synced users as well. this is recommended if users are accessing only cloud resources and we don't care about on-premises resources and password expiry that happens at on-premises AD.
With this, when user change the password locally, the password would be synced to Azure AD. Lastpassword changed time would be reset and no password change would be prompted by Azure AD till we reach 90 days or so. if password change at on-prem AD before they hit 90 days mark, this process will keep repeating. But if it was not changed at on-prem and when user access cloud resource after 90 days, user would be prompted to change password. With password writeback enabled, this would be written back to AD
this doesn't require SSPR, only password writeback has to be enabled. if the user are going to change their password always locally at AD, then everything is taken care of. But the passwords by default on cloud doesn't expire
So after 90days when password expire at AD, it doesn't expire at Azure AD you need to do the steps here to expire the password for the user at Azure AD as well
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.