We are currently investigating how we can best implement this feature.
An error occurred while saving the commentAnn commented
"This is a design Behavior.
There is no attribute such as passwordexpire which will tell office 365 that the password is expired."
So, when you are using Password Hash synchronization, the “expired password” detail isn’t synced to AAD and hence users can continue to sign in.
So basically the password needs to be updated and sync should be run so that the new password is synced to cloud.
This is one way.
Given the situation, why not switch the Authentication method from Password Hash to Pass-Through Authentication. This will meet the desired requirement.