79392377

Date: 2025-01-27 23:00:08
Score: 1

If you have password writeback enabled with Azure AD Connect, the password change will be synced from either Active Directory or from Office 365. You have the option to use password reset from either Office 365 or Active Directory. Forced password reset is not synced. The tradeoff is that if you use Active Directory with forced password reset, only a domain-joined computer will be able to do the password reset. If you use the Office 365 admin center to flag the forced password reset, the user will only be asked to do the reset after logging into Office 365 via the browser and not after logging into the computer. If you only have Intune-joined devices and used Active Directory password reset, they won't be able to log in. If you have both Intune-joined devices and domain-joined devices, password resets from Active Directory will only work and be possible on domain-joined devices. That means the best option when you have mostly Intune-joined devices is to only use the password reset from the Office 365 admin center.

Reasons:
  • Long answer (-1):
  • No code block (0.5):
  • Single line (0.5):
  • Low reputation (1):
Posted by: Preston Cooper