Hi @bil1ej, I double-checked some things and should have a working answer for you.
You need to have a separate "force password change at next logon" on the local AD, and also have password writeback enabled. This needs to be enforced at the local level. Azure AD requiring users to change their passwords during next login is only applied to users accessing Microsoft sites/products (i.e. myapps, Azure Portal, logging in through SSO, using the login.microsoft.com URL, etc.).
If you're using AD Connect, PHS would work too.
Please let me know if you have any other questions and I can help you further.
If this answer helped you, please mark it as "Verified" so other users may reference it.