Hello @RST ,
Thanks for reaching out.
when users change or reset their passwords using SSPR in the cloud, new passwords would be written back to the on-premises AD DS environment (the source of authority) and updated passwords hash will then synchronized to cloud through AAD Connect in real time.
To lean more, refer : https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback#how-password-writeback-works
Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.