If you have recently started to here reports of users not being able to change there Azure AD / Office 365 Passwords then you may want to continue reading;
If an administrator set a user to Force change password at next logon i.e. when they reset a user passwords it allowed password synchornized users to change their cloud password and that updated password would not sync back to on-premises. This in turn caused major issues for customers who relied on password synchronization to keep passwords in sync, because it effectively allowed users to set two different passwords in two different locations.
Users that are synchronized to Azure Active Directory are unable to ‘Change‘ or ‘Update’ password when ‘Password Sync’ is enabled and “Password Writeback” has not been enabled or configured will now receive an error message like:
“Your Organization does not allow you to change your password on this site. Please change your password according to the method recommended by your organization, or ask your admin if you need help”
This is because we recently made a change to only allow users that are synchronized to Azure AD and are using password sync to change their passwords if the Password Writeback feature is available. If a customer wants to update password sync’d user passwords from the cloud, he or she must use the Password Writeback feature.
Company Administrators should review the following documentation for Password Writeback Pre-Requisites It is also important to ensure that you have purchased an Azure AD Premium Subscription and the users have been assigned an Azure AD Premium License.
Any customer who does not want password writeback, but wants users to be able to manage their own passwords, should convert those user accounts to managed user accounts such that they are no longer synchronized from on-premises.
If you have any questions please be sure to let me know,