Replicated accounts with passwords longer than 16 characters to Azure AD

Find out how passwords longer than 16 characters are handled when synchronizing to Azure AD.

John Savill

March 16, 2015

Q. I am replicating accounts to Azure AD but have accounts with passwords longer than 16 characters. What will happen?

A. Azure AD has a default password policy, which is documented at https://msdn.microsoft.com/en-us/library/azure/jj943764.aspx. This policy states that passwords must be a minimum of 8 characters and a maximum of 16 characters, with complexity enabled. Some organizations have adopted password phrases for their on-premises implementations, which means the passwords would be longer than 16 characters. If you are using Azure AD Connect (which behind the scenes uses Microsoft Identity Manager) to replicate on-premises Active Directory accounts to Azure AD, what happens to passwords longer than 16 characters? When password replication to Azure AD is enabled, the on-premises password policy is applied to Azure AD, including the maximum password length. This means longer passwords are usable in Azure AD, and the existing AD passwords will continue to work in Azure AD.
