With synchronized identity, you are essentially configuring your organization's directory objects to be replicated to Azure AD. This includes a number of properties (first and last names, email addresses, office information, manager reporting configuration, and physical addresses and phone numbers, among others). You have the option to configure this synchronization with or without password hashes.
Password hash synchronization allows an Azure AD user to use the same password as the corresponding on-premises account. If you choose to synchronize identity with password hashes (the default configuration), then a hash of the user's on-premises password is synchronized to Azure AD. Authentication will be performed by Azure AD using the synchronized credential when a user attempts to access resources. To synchronize password hashes, the account specified in the Azure AD Connect setup must have two specific Active Directory rights granted (Replicating Directory Changes and Replicating Directory Changes All). These rights can be delegated manually (using a tool such as the Azure Active Directory Connect Advanced Permissions tool at http://aka.ms/aadpermissions) or through making the synchronization service account a member of either Domain Admins or Enterprise Admins. While the default synchronization time for Azure AD Connect is every 30 minutes, password changes on-premises are processed and synchronized to Azure AD immediately as a separate process.
If you choose to synchronize identity without password hashes, all the account details are synchronized except for the password. Users have to maintain the password separately. This option is commonly configured if you are going to configure a federation service outside of Azure AD Connect, though you are not required to do so. Authentication will be performed by Azure AD using the synchronized user identity with a cloud password (if no federated authentication has been configured); otherwise, the request will be redirected to the federated Identity Provider (IDP) if the federation has been configured.
Password hash synchronization doesn't rely on any on-premises infrastructure to validate passwords or authentication attempts. If the on-premises environment is unavailable, users are still able to log on to Azure AD protected resources since the authentication attempt is processed against the service.