While password hash synchronization works great, it had one huge drawback. It sets the password to never expire in Office 365 regardless of what you've set up in your Active Directory. While it may not be a massive problem for some companies, it's not the same for all of them. Recent Microsoft recommendations are saying that you should set your Passwords to Never Expire, use complicated passwords and MFA (Multi-Factor Authentication). However, just because Microsoft says so doesn't mean internal rules and country laws do not require differently. If that wasn't enough, there's also another issue. If your password expires in Active Directory, it doesn't expire in Office 365. This means that while your user can't log in to Active Directory resources, he/she can still use Office 365.